diff options
Diffstat (limited to 'bip-0327.mediawiki')
| -rw-r--r-- | bip-0327.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-0327.mediawiki b/bip-0327.mediawiki index 4815f40..181926b 100644 --- a/bip-0327.mediawiki +++ b/bip-0327.mediawiki @@ -554,7 +554,7 @@ influence whether ''sk<sub>1</sub>'' or ''sk<sub>2</sub>'' is provided to ''Sign This degree of freedom may allow the adversary to perform a generalized birthday attack and thereby forge a signature (see [https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-October/021000.html bitcoin-dev mailing list post] and [https://github.com/jonasnick/musig2-tweaking writeup] for details). -Checking ''pk'' against ''InvidualPubkey(sk)'' is a simple way to ensure +Checking ''pk'' against ''IndividualPubkey(sk)'' is a simple way to ensure that the secret key provided to ''Sign'' is fully determined already when ''NonceGen'' is invoked. This removes the adversary's ability to influence the secret key after having seen the ''pubnonce'' and thus rules out the attack.<ref>Ensuring that the secret key provided to ''Sign'' is fully determined already when ''NonceGen'' is invoked is a simple policy to rule out the attack, |