{"type":"rich","version":"1.0","title":"Tom Trevethan [ARCHIVE] wrote","author_name":"Tom Trevethan [ARCHIVE] (npub1ax…wyw7n)","author_url":"https://yabu.me/npub1axshsyxsl3vasj4z9549rvwdvhjmh52fw0ayj3ghtmdezx8cnuxqlwyw7n","provider_name":"njump","provider_url":"https://yabu.me","html":"📅 Original date posted:2023-07-26\n🗒️ Summary of this message: Proving knowledge of the r values used in generating each R can prevent the Wagner attack, not signing or secret keys.\n📝 Original message:\nNot 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of\nknowledge of the r values used to generate each R used prevents the Wagner\nattack, no?\n\nOn Wed, Jul 26, 2023 at 8:59 PM Jonas Nick \u003cjonasdnick at gmail.com\u003e wrote:\n\n\u003e None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an\n\u003e attack on the nonces, I mentioned an attack on the challenge c) can be\n\u003e prevented\n\u003e by proving knowledge of the signing key (usually known as proof of\n\u003e possession,\n\u003e PoP).\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230726/05286983/attachment-0001.html\u003e"}