Gregory Maxwell [ARCHIVE] /
npub1f2n…rwet
2023-06-07 18:09:34
in reply to nevent1q…m2hf

📅 Original date posted: 2018-01-18
📝 Original message:

On Thu, Jan 18, 2018 at 4:59 PM, Ondřej Vejpustek
<ondrej.vejpustek at satoshilabs.com> wrote:
>> If being secure against partial share leakage is really part of your
>> threat model the current proposal is gratuitously insecure against it.
>
> I don't think that is true. The shared secret is an input of the KDF, which
> should prevent this kind of attack.

My post provided a concrete example. I'd be happy to answer any
questions about it, but otherwise I'm not sure how to make it more
clear.

> Actually, we've been considering something like that. We concluded that it is too much "rolling your own crypto". Instead of a diffusion layer we decided to apply a KDF to the shared secret.

Quite the opposite-- a large block cipher is a standard
construction... and the off-label application of a KDF that you've
used here doesn't provide any protection against the example I gave.

Author Public Key: npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwet