rich1.0Jonas Nick [ARCHIVE] (npub1at…y3z5a)https://yabu.me/npub1at3pav59gkeqz9kegzqhk2v4j4r435x42ytf23pxs8crt74tuc8s2y3z5anjumphttps://yabu.me📅 Original date posted:2023-07-24 🗒️ Summary of this message: Party 1 is unable to determine the final value of (R, s1+s2) or m, but a blinding step may be missing, allowing the server to scan the blockchain for signatures and compute corresponding hashes to check for a match. 📝 Original message: > Party 1 never learns the final value of (R,s1+s2) or m. Actually, it seems like a blinding step is missing. Assume the server (party 1) received some c during the signature protocol. Can't the server scan the blockchain for signatures, compute corresponding hashes c' = H(R||X||m) as in signature verification and then check c == c'? If true, then the server has the preimage for the c received from the client, including m.