Re: [Bitcoin-development] Is this a safe thing to be doing with ECC addition? (Oracle protocol)

On 8 March 2014 17:10, Alan Reiner etothe...@gmail.com wrote: I create a new keypair, c_pub with c_priv which I know (it can be any arbitrary key pair). But I don't give you c_pub, I give you b_pub = c_pub minus a_pub (which I can do because I've seen a_pub before doing this). Sure, I

Re: [Bitcoin-development] Instant / contactless payments

On Thu, Mar 06, 2014 at 02:39:52PM +, Alex Kotenko wrote: Not sure if you've seen it, but here is how we do NFC right now http://www.youtube.com/watch?v=DGOMIG9JUY8 with XBTerminal. Very interesting, thanks for sharing! Are the two devices on the same wifi network in the demo? In my

Re: [Bitcoin-development] Is this a safe thing to be doing with ECC addition? (Oracle protocol)

If both parties insist on seeing a hash of the other party's public key before they'll show their own public key, they can be sure that the public key is not chosen based on the public key they themselves presented. Although, I have to wonder, why not just use multisig? - Joel On 08.03.2014

Re: [Bitcoin-development] Is this a safe thing to be doing with ECC addition? (Oracle protocol)

Also the other limitation for ECDSA is that there is no known protocol to create a signture with a+b (where keys P=aG, Q=bG, R=P+Q=(a+b)G). without either a sending its private key to b or viceversa (or both to a third party). With Schnorr sigs you can do it, but the k^-1 term in ECDSA makes a

Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys

On Wednesday, March 05, 2014 4:21:52 PM Kevin wrote: How can we patch this issue? No need, it is not an issue for Bitcoin. Properly used, there is only ever one signature per public key. Luke -- Subversion Kills

Re: [Bitcoin-development] Is this a safe thing to be doing with ECC addition? (Oracle protocol)

Note that one of the reasons why this is insecure is because EC point addition is invertible. EC-scalar multiplication is not, thus why EC Diffie-Hellman is secure even when this timing asymmetry exists. A good cryptosystem doesn't have strange restrictions, like your public key can only be

[Bitcoin-development] Bitcoin wiki is down

Just an FYI: The Bitcoin wiki (https://en.bitcoin.it) is down. Is there a communication procedure or point person for such things? --- Tom Geller * Oberlin, Ohio * 415-317-1805 Writer/Presenter * http://www.tomgeller.com articles, marketing, videos, user guides,

Re: [Bitcoin-development] Is this a safe thing to be doing with ECC addition? (Oracle protocol)

Note that one of the reasons why this is insecure is because EC point addition is invertible. EC-scalar multiplication is not, thus why EC Diffie-Hellman is secure even when this asymmetry exists. A good cryptosystem doesn't have strange restrictions, like your public key can only be public

Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys

On Sat, Mar 8, 2014 at 11:34 AM, Luke-Jr l...@dashjr.org wrote: On Wednesday, March 05, 2014 4:21:52 PM Kevin wrote: How can we patch this issue? No need, it is not an issue for Bitcoin. Properly used, there is only ever one signature per public key. Security shouldn't depend on perfect use.