[messaging] Issues in Schnorr DLEQ proofs
iang at cs.uwaterloo.ca
Wed Jan 8 15:39:39 PST 2020
On Wed, Jan 08, 2020 at 04:51:55PM -0500, Jeff Burdges wrote:
> Appears Privacy Pass only uses prime order curves, but this only turns up in their code.
I'm not sure what you mean by "this only turns up in their code". The
paper is clear (Sections 3.2, 5.1) that the group G has to have prime
You're right that cofactors can be annoying, which is why prime-order
curves are often preferable, though there are sometimes extenuating
circumstances that suggest something else.
Canada Research Chair in Privacy Enhancing Technologies
Professor, Cheriton School of Computer Science
University of Waterloo
More information about the Messaging