[messaging] Issues in Schnorr DLEQ proofs

Jeff Burdges burdges at gnunet.org
Wed Jan 8 17:51:47 PST 2020

I'm also wrong about V(X)Ed25519 which actually does have one sentence that corrects the VRF output with a cofactor multiplication.  :)


> On 8 Jan 2020, at 16:51, Jeff Burdges <burdges at gnunet.org> wrote:
> Appears Privacy Pass only uses prime order curves, but this only turns up in their code.
>> On 8 Jan 2020, at 14:40, Jeff Burdges <burdges at gnunet.org> wrote:
>> I have not yet checked if implementations of either V(X)Ed2551 or Privacy Pass correct the cofactor spec bugs.  I have not yet either added all the references for the protocols being commented on or ported over all the reverences for the non-cofactor concerns from https://github.com/w3f/schnorrkel/blob/master/src/vrf.rs either.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20200108/daeaf8ae/attachment.sig>

More information about the Messaging mailing list