diff options
| author | Samuel Dobson <dobsonsa68@gmail.com> | 2022-01-21 21:54:52 +1300 |
|---|---|---|
| committer | Samuel Dobson <dobsonsa68@gmail.com> | 2022-01-21 21:59:30 +1300 |
| commit | d58f2b29f7afcb1f72837c5283c329ee330c5889 (patch) | |
| tree | f700444ea9f528e1c1275df0db375bb231084970 /bip-0340.mediawiki | |
| parent | 02de475efc528058bd04a0c4ad31b6422aed5f5f (diff) | |
| download | bips-d58f2b29f7afcb1f72837c5283c329ee330c5889.tar.xz | |
BIP340: fix broken link to Schnorr's blind signature attack
Diffstat (limited to 'bip-0340.mediawiki')
| -rw-r--r-- | bip-0340.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-0340.mediawiki b/bip-0340.mediawiki index b5a47d3..9573846 100644 --- a/bip-0340.mediawiki +++ b/bip-0340.mediawiki @@ -233,7 +233,7 @@ Adaptor signatures, beyond the efficiency and privacy benefits of encoding scrip === Blind Signatures === -A blind signature protocol is an interactive protocol that enables a signer to sign a message at the behest of another party without learning any information about the signed message or the signature. Schnorr signatures admit a very [https://www.math.uni-frankfurt.de/~dmst/research/papers/schnorr.blind_sigs_attack.2001.pdf simple blind signature scheme] which is however insecure because it's vulnerable to [https://www.iacr.org/archive/crypto2002/24420288/24420288.pdf Wagner's attack]. A known mitigation is to let the signer abort a signing session with a certain probability, and the resulting scheme can be [https://eprint.iacr.org/2019/877 proven secure under non-standard cryptographic assumptions]. +A blind signature protocol is an interactive protocol that enables a signer to sign a message at the behest of another party without learning any information about the signed message or the signature. Schnorr signatures admit a very [http://publikationen.ub.uni-frankfurt.de/files/4292/schnorr.blind_sigs_attack.2001.pdf simple blind signature scheme] which is however insecure because it's vulnerable to [https://www.iacr.org/archive/crypto2002/24420288/24420288.pdf Wagner's attack]. A known mitigation is to let the signer abort a signing session with a certain probability, and the resulting scheme can be [https://eprint.iacr.org/2019/877 proven secure under non-standard cryptographic assumptions]. Blind Schnorr signatures could for example be used in [https://github.com/ElementsProject/scriptless-scripts/blob/master/md/partially-blind-swap.md Partially Blind Atomic Swaps], a construction to enable transferring of coins, mediated by an untrusted escrow agent, without connecting the transactors in the public blockchain transaction graph. |