[Cryptography] Proof-of-Satoshi fails Proof-of-Proof.

Allen allenpmd at gmail.com
Sat May 7 07:06:50 EDT 2016


> Interesting sidebar: ECDSA nonces were one of the sources of Bitcoin's
> transaction malleability.
> The (massive pile of hacks that is) segregated witness feature being
> added to Bitcoin has an added
> side effect of removing signatures from the hash of a transaction, and
> with it the associated malleability.
> All that said, if you're designing a new system today, pick Ed25519.

FYI, while Ed25519 specifies that the nonce should be set
deterministically, a signer can set it randomly and the signature will
still verify.  In fact, I don't see any way for a verifier to know if a
signature was generated with a deterministic or a random nonce, so using
Ed25519 might not solve malleability.
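As an added example (not part of Allen's post or of the thread), here is a compact pure-Python Ed25519 that signs the same message twice under the same key, once with the RFC 8032 deterministic nonce r = SHA-512(prefix || m) and once with a nonce drawn from the OS CSPRNG, and then runs both through one unmodified verifier. The function names are mine; the curve arithmetic is the textbook affine form and is not constant time, so this is for illustration only, never for production. The key and message in the usage section at the bottom are constructed.

```python
import hashlib
import secrets

# Ed25519 constants: prime field GF(2^255 - 19), group order L, curve constant d.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, P - 2, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)  # a square root of -1 mod P

def _xrecover(y):
    """Recover the even x with -x^2 + y^2 = 1 + D x^2 y^2 for a given y."""
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * SQRT_M1 % P
    return P - x if x & 1 else x

BASE_Y = 4 * pow(5, P - 2, P) % P
BASE = (_xrecover(BASE_Y), BASE_Y)  # the standard base point B

def _add(p1, p2):
    # Textbook affine twisted-Edwards addition (not constant time; demo only).
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P
    return x3, y3

def _mul(pt, k):
    acc = (0, 1)  # neutral element
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc

def _encode_point(pt):
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _decode_point(s):
    v = int.from_bytes(s, "little")
    y = v & ((1 << 255) - 1)
    x = _xrecover(y)
    if (x & 1) != (v >> 255):
        x = P - x
    if (-x * x + y * y - 1 - D * x * x * y * y) % P:
        raise ValueError("point not on curve")
    return x, y

def _expand_secret(sk):
    """RFC 8032 key expansion: the clamped scalar a and the 32-byte nonce prefix."""
    h = hashlib.sha512(sk).digest()
    a = int.from_bytes(h[:32], "little")
    a &= (1 << 254) - 8  # clear bits 0-2 and bit 255
    a |= 1 << 254        # set bit 254
    return a, h[32:]

def public_key(sk):
    a, _ = _expand_secret(sk)
    return _encode_point(_mul(BASE, a))

def _finish(r, a, m, pk):
    """Turn a nonce r into the (R, S) pair; identical for both signers below."""
    R = _encode_point(_mul(BASE, r))
    k = int.from_bytes(hashlib.sha512(R + pk + m).digest(), "little") % L
    S = (r + k * a) % L
    return R + S.to_bytes(32, "little")

def sign_deterministic(sk, m):
    """RFC 8032 signer: r = SHA-512(prefix || m), so (sk, m) fixes the signature."""
    a, prefix = _expand_secret(sk)
    r = int.from_bytes(hashlib.sha512(prefix + m).digest(), "little") % L
    return _finish(r, a, m, public_key(sk))

def sign_random_nonce(sk, m):
    """Same key and message, but r comes from the OS CSPRNG, so each call differs."""
    a, _ = _expand_secret(sk)
    r = secrets.randbelow(L - 1) + 1
    return _finish(r, a, m, public_key(sk))

def verify(pk, m, sig):
    """Standard check [S]B == R + [k]A; S must be canonical (< L) per RFC 8032."""
    if len(sig) != 64 or len(pk) != 32:
        return False
    try:
        R, A = _decode_point(sig[:32]), _decode_point(pk)
    except ValueError:
        return False
    S = int.from_bytes(sig[32:], "little")
    if S >= L:
        return False
    k = int.from_bytes(hashlib.sha512(sig[:32] + pk + m).digest(), "little") % L
    return _mul(BASE, S) == _add(R, _mul(A, k))

if __name__ == "__main__":
    sk = secrets.token_bytes(32)  # constructed throwaway key
    pk, m = public_key(sk), b"constructed sample message"
    s1, s2 = sign_deterministic(sk, m), sign_random_nonce(sk, m)
    print("deterministic:", s1.hex(), "\nrandom nonce: ", s2.hex())
    print("both verify:", verify(pk, m, s1) and verify(pk, m, s2), "| identical:", s1 == s2)
```

Both signatures pass `verify`, and nothing in the (R, S) pair tells the verifier which signer produced it: the verification equation only involves R, S, the public key and the message, never the rule that chose r. The `S < L` check in `verify` is a separate matter, the canonical-encoding requirement RFC 8032 imposes so that a third party cannot re-encode an existing S; it is enforced here so the example rejects that case as well.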