{"type":"rich","version":"1.0","title":"Jonas Nick [ARCHIVE] wrote","author_name":"Jonas Nick [ARCHIVE] (npub1at…y3z5a)","author_url":"https://yabu.me/npub1at3pav59gkeqz9kegzqhk2v4j4r435x42ytf23pxs8crt74tuc8s2y3z5a","provider_name":"njump","provider_url":"https://yabu.me","html":"📅 Original date posted:2023-07-24\n🗒️ Summary of this message: Party 1 is unable to determine the final value of (R, s1+s2) or m, but a blinding step may be missing, allowing the server to scan the blockchain for signatures and compute corresponding hashes to check for a match.\n📝 Original message:\n\u003e Party 1 never learns the final value of (R,s1+s2) or m.\n\nActually, it seems like a blinding step is missing. Assume the server (party 1)\nreceived some c during the signature protocol. Can't the server scan the\nblockchain for signatures, compute corresponding hashes c' = H(R||X||m) as in\nsignature verification and then check c == c'? If true, then the server has the\npreimage for the c received from the client, including m."}