[messaging] Issues in Schnorr DLEQ proofs
Jeff Burdges
burdges at gnunet.org
Wed Jan 8 17:51:47 PST 2020
I'm also wrong about V(X)Ed25519 which actually does have one sentence that corrects the VRF output with a cofactor multiplication. :)
Jeff
> On 8 Jan 2020, at 16:51, Jeff Burdges <burdges at gnunet.org> wrote:
> Appears Privacy Pass only uses prime order curves, but this only turns up in their code.
>
>> On 8 Jan 2020, at 14:40, Jeff Burdges <burdges at gnunet.org> wrote:
>> I have not yet checked if implementations of either V(X)Ed2551 or Privacy Pass correct the cofactor spec bugs. I have not yet either added all the references for the protocols being commented on or ported over all the reverences for the non-cofactor concerns from https://github.com/w3f/schnorrkel/blob/master/src/vrf.rs either.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20200108/daeaf8ae/attachment.sig>
More information about the Messaging
mailing list