[bitcoin-dev] Overview of anti-covert-channel signing techniques

2020-03-03 Thread Pieter Wuille via bitcoin-dev
Hi all, Given the recent activity and attention [1,2] around anti-covert channel signing schemes, I decided to create this overview of the various techniques that I know of, their trade-offs, and the various issues they protect against. Most of this is based on various schemes by a number of

Re: [bitcoin-dev] Nonce blinding protocol for hardware wallets and airgapped signers

2020-03-03 Thread Dustin Dettmer via bitcoin-dev
Stepan, have you spent any time considering a scheme that could involve HD keys, preregistering n (i.e. 1000) preimages, or something similar to reduce the number of rounds at time of signing? Would a zero knowledge solution allow for a reduction in rounds? On Wed, Feb 26, 2020 at 7:13 PM Stepan

Re: [bitcoin-dev] Fwd: BIP 340 updates: even pubkeys, more secure nonce generation

2020-03-03 Thread Marko via bitcoin-dev
That is an interesting point. Does the same concern apply to anti nonce covert channel protocols? In those, the host would mix in a random nonce of its own. The process is still deterministic and can be checked during signing, but unless the host persists the nonce contributions it provides, one