📅 Original date posted:2023-07-24 🗒️ Summary of this message: The sender is ...

Tom Trevethan [ARCHIVE] /

npub1axs…yw7n

2023-07-27 00:26:33

in reply to nevent1q…wek4

📅 Original date posted:2023-07-24
🗒️ Summary of this message: The sender is discussing with Jonas the need for a method to blind the value of c in order to prevent the server from learning the value of m.
📝 Original message:
Hi Jonas,

Seems you are right: for every tx, compute c from the on-chain data, and
the server can match the c to the m (tx). So there would need to be a
method for blinding the value of c.

On Mon, Jul 24, 2023 at 4:39 PM Jonas Nick <jonasdnick at gmail.com> wrote:

> > Party 1 never learns the final value of (R,s1+s2) or m.
>
> Actually, it seems like a blinding step is missing. Assume the server
> (party 1)
> received some c during the signature protocol. Can't the server scan the
> blockchain for signatures, compute corresponding hashes c' = H(R||X||m) as
> in
> signature verification and then check c == c'? If true, then the server
> has the
> preimage for the c received from the client, including m.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230724/2bc0b366/attachment.html>;

Author Public Key

npub1axshsyxsl3vasj4z9549rvwdvhjmh52fw0ayj3ghtmdezx8cnuxqlwyw7n

Seen on

Show more details

Published at

2023-07-27 00:26:33

Kind type

1 Short Text Note

Event JSON

{ "id": "a6ce502943305bd272d9e4b2033555a2fe7326571aa2c5c175b3ea30be923293", "pubkey": "e9a17810d0fc59d84aa22d2a51b1cd65e5bbd14973fa4945175edb9118f89f0c", "created_at": 1690417593, "kind": 1, "tags": [ [ "e", "86a87258a295f0e8a6ce06957ce368a6146cf45a73137d0af6fcc0729ce599a0", "", "root" ], [ "e", "ba2308e53db608be8b6874f6d4b8e9097266342c34e963c3897378a1f7314856", "", "reply" ], [ "p", "22944ce1e29904e3826d25013a614e4665693ec514003efacc1b7586e8e5d0aa" ] ], "content": "📅 Original date posted:2023-07-24\n🗒️ Summary of this message: The sender is discussing with Jonas the need for a method to blind the value of c in order to prevent the server from learning the value of m.\n📝 Original message:\nHi Jonas,\n\nSeems you are right: for every tx, compute c from the on-chain data, and\nthe server can match the c to the m (tx). So there would need to be a\nmethod for blinding the value of c.\n\nOn Mon, Jul 24, 2023 at 4:39 PM Jonas Nick \u003cjonasdnick at gmail.com\u003e wrote:\n\n\u003e \u003e Party 1 never learns the final value of (R,s1+s2) or m.\n\u003e\n\u003e Actually, it seems like a blinding step is missing. Assume the server\n\u003e (party 1)\n\u003e received some c during the signature protocol. Can't the server scan the\n\u003e blockchain for signatures, compute corresponding hashes c' = H(R||X||m) as\n\u003e in\n\u003e signature verification and then check c == c'? If true, then the server\n\u003e has the\n\u003e preimage for the c received from the client, including m.\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230724/2bc0b366/attachment.html\u003e", "sig": "13174a397c8e09c5dfb9f216a1d30b69d2157040596123dab543ce4daeeda26bcc84061679adf0d2a7d485f228c8d6313597b5fac6db20abd8a89d56c7190417" }