Aaron Voisine [ARCHIVE] on Nostr: 📅 Original date posted:2014-07-19 📝 Original message:Well, you could always ...
📅 Original date posted:2014-07-19
📝 Original message:Well, you could always create a transaction with a different signature
hash, say, by changing something trivial like nLockTime, or changing
the order of inputs or outputs. Is that what you're talking about? Or
is there some sophistry I'm ignorant of having to do with the elliptic
curve math in the signature itself?
Aaron Voisine
breadwallet.com
On Fri, Jul 18, 2014 at 6:28 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Fri, Jul 18, 2014 at 3:03 PM, Aaron Voisine <voisine at gmail.com> wrote:
>>> 9. New signatures by the sender
>>
>> I'm not suggesting it be required, but it would be possible to
>> mitigate this one by requiring that all signatures deterministically
>> generate k per RFC6979. I'm using this in breadwallet.
>
> Nope.
>
> Your homework assignment is to explain why. :)
📝 Original message:Well, you could always create a transaction with a different signature
hash, say, by changing something trivial like nLockTime, or changing
the order of inputs or outputs. Is that what you're talking about? Or
is there some sophistry I'm ignorant of having to do with the elliptic
curve math in the signature itself?
Aaron Voisine
breadwallet.com
On Fri, Jul 18, 2014 at 6:28 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Fri, Jul 18, 2014 at 3:03 PM, Aaron Voisine <voisine at gmail.com> wrote:
>>> 9. New signatures by the sender
>>
>> I'm not suggesting it be required, but it would be possible to
>> mitigate this one by requiring that all signatures deterministically
>> generate k per RFC6979. I'm using this in breadwallet.
>
> Nope.
>
> Your homework assignment is to explain why. :)