[Cryptography] Proof-of-Satoshi fails Proof-of-Proof.
Peter Todd
pete at petertodd.org
Sun May 8 15:39:18 EDT 2016

On Fri, May 06, 2016 at 10:25:25PM -0700, Tony Arcieri wrote:
> On Fri, May 6, 2016 at 12:06 PM, Ron Garret <ron at flownet.com> wrote:
>
> > > But with all forms of DH based signatures, a random number is generated
> > and that affects the signature value. In effect, every signature has a salt
> > value.
>
>
> Interesting sidebar: ECDSA nonces were one of the sources of Bitcoin's
> transaction malleability. The (massive pile of hacks that is) segregated
> witness feature being added to Bitcoin has an added side effect of removing
> signatures from the hash of a transaction, and with it the associated
> malleability.
>
> All that said, if you're designing a new system today, pick Ed25519.

While ECDSA nonces are a "source" of Bitcoin tx malleability, they aren't a
source that can be fixed, even by Ed25519, because you can't force the signer
to use the deterministic signing method vs. using another number; if Bitcoin
had used Ed25519 from the start we would still have a signature malleability
problem.
--
https://petertodd.org 'peter'[:-1]@petertodd.org