rich1.0Tom Trevethan [ARCHIVE] (npub1ax…wyw7n)https://yabu.me/npub1axshsyxsl3vasj4z9549rvwdvhjmh52fw0ayj3ghtmdezx8cnuxqlwyw7nnjumphttps://yabu.me📅 Original date posted:2023-07-26 🗒️ Summary of this message: Proving knowledge of the r values used in generating each R can prevent the Wagner attack, not signing or secret keys. 📝 Original message: Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of knowledge of the r values used to generate each R used prevents the Wagner attack, no? On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick <jonasdnick at gmail.com> wrote: > None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an > attack on the nonces, I mentioned an attack on the challenge c) can be > prevented > by proving knowledge of the signing key (usually known as proof of > possession, > PoP). > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230726/05286983/attachment-0001.html>