What is Nostr?
Jonas Nick [ARCHIVE] /
npub1at3…3z5a
2023-07-24 15:55:41
in reply to nevent1q…rcjp

Jonas Nick [ARCHIVE] on Nostr: 📅 Original date posted:2023-07-24 🗒️ Summary of this message: Party 1 is ...

📅 Original date posted:2023-07-24
🗒️ Summary of this message: Party 1 is unable to determine the final value of (R, s1+s2) or m, but a blinding step may be missing, allowing the server to scan the blockchain for signatures and compute corresponding hashes to check for a match.
📝 Original message:
> Party 1 never learns the final value of (R,s1+s2) or m.

Actually, it seems like a blinding step is missing. Assume the server (party 1)
received some c during the signature protocol. Can't the server scan the
blockchain for signatures, compute corresponding hashes c' = H(R||X||m) as in
signature verification and then check c == c'? If true, then the server has the
preimage for the c received from the client, including m.
Author Public Key
npub1at3pav59gkeqz9kegzqhk2v4j4r435x42ytf23pxs8crt74tuc8s2y3z5a