diff options
| author | Luke Dashjr <luke_github1@dashjr.org> | 2022-05-05 16:25:30 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-05 16:25:30 +0000 |
| commit | 5085c7547bcfec08976d542cc11a696c9e3056f1 (patch) | |
| tree | a03133b25cee039474909d2fafea1693b442c6cf | |
| parent | 77a7213e151048896648794258ed90bb5774b6ed (diff) | |
| parent | d58f2b29f7afcb1f72837c5283c329ee330c5889 (diff) | |
Merge pull request #1275 from meshcollider/202201_fix_broken_link
BIP340: fix broken link to Schnorr's blind signature attack
| -rw-r--r-- | bip-0340.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-0340.mediawiki b/bip-0340.mediawiki index b5a47d3..9573846 100644 --- a/bip-0340.mediawiki +++ b/bip-0340.mediawiki @@ -233,7 +233,7 @@ Adaptor signatures, beyond the efficiency and privacy benefits of encoding scrip === Blind Signatures === -A blind signature protocol is an interactive protocol that enables a signer to sign a message at the behest of another party without learning any information about the signed message or the signature. Schnorr signatures admit a very [https://www.math.uni-frankfurt.de/~dmst/research/papers/schnorr.blind_sigs_attack.2001.pdf simple blind signature scheme] which is however insecure because it's vulnerable to [https://www.iacr.org/archive/crypto2002/24420288/24420288.pdf Wagner's attack]. A known mitigation is to let the signer abort a signing session with a certain probability, and the resulting scheme can be [https://eprint.iacr.org/2019/877 proven secure under non-standard cryptographic assumptions]. +A blind signature protocol is an interactive protocol that enables a signer to sign a message at the behest of another party without learning any information about the signed message or the signature. Schnorr signatures admit a very [http://publikationen.ub.uni-frankfurt.de/files/4292/schnorr.blind_sigs_attack.2001.pdf simple blind signature scheme] which is however insecure because it's vulnerable to [https://www.iacr.org/archive/crypto2002/24420288/24420288.pdf Wagner's attack]. A known mitigation is to let the signer abort a signing session with a certain probability, and the resulting scheme can be [https://eprint.iacr.org/2019/877 proven secure under non-standard cryptographic assumptions]. Blind Schnorr signatures could for example be used in [https://github.com/ElementsProject/scriptless-scripts/blob/master/md/partially-blind-swap.md Partially Blind Atomic Swaps], a construction to enable transferring of coins, mediated by an untrusted escrow agent, without connecting the transactors in the public blockchain transaction graph. |