Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-01-19 | Update acknowledgements, remove authors | Pieter Wuille | |
2020-01-19 | Clarify nonce generation | Tim Ruffing | |
- Separate nonce generation into getting a random byte string and converting it to a suitable scalar ... - ... to make clear that the byte string can be generated differently. - Make the warning a little bit more prominent and improve writing | |||
2020-01-19 | Update authors | Pieter Wuille | |
2020-01-19 | Update bip-schnorr.mediawiki | Pieter Wuille | |
Co-Authored-By: Tim Ruffing <crypto@timruffing.de> | |||
2020-01-19 | Linearity makes sign-for-sum-of-keys easier, not possible entirely. | Pieter Wuille | |
I'm sure it's possible to construct a complex MPC that can sign for the sum of keys under ECDSA as well. | |||
2020-01-19 | Update bip-schnorr.mediawiki | Tim Ruffing | |
2020-01-19 | Mention that we don't change the hash function | Tim Ruffing | |
2020-01-19 | Completely specified | Pieter Wuille | |
2020-01-19 | Low-S ECDSA is non-malleable under nonstandard assumptions | Pieter Wuille | |
2020-01-19 | Replace private key with secret key | Jonas Nick | |
2020-01-19 | Clarify why we don't want short hashes | Tim Ruffing | |
This is supposed to supersede https://github.com/sipa/bips/pull/158. I tried to say this carefully. I don't think that multiparty signing is in general broken with short hashes. For example the attack in #158 could be avoided by letting everybody not only commit to the nonce but also to the message. It's just that using a collision-resistant hash just eliminates the problem entirely... | |||
2020-01-19 | Fix reference formatting | Hennadii Stepanov | |
2020-01-19 | Replace BIP66 link with BIP146 | Orfeas Stefanos Thyfronitis Litos | |
BIP66 does not mention the inherent ECDSA malleability, but BIP146 does | |||
2020-01-19 | Link to proof sketch of security of implicit Y | Orfeas Stefanos Thyfronitis Litos | |
Thanks to @ajtowns for providing the link | |||
2020-01-19 | Improve clarity of footnotes for lift_x | Jonas Nick | |
2020-01-19 | Replace references to Euler's criterion with Legendre symbol in bip-schnorr | Jonas Nick | |
2020-01-19 | Fix bip-schnorr footnote 7 by specifying that we're referring to P's y ↵ | Jonas Nick | |
coordinate and not some undefined 'x' | |||
2020-01-19 | Nits | Kalle Rosenbaum | |
2020-01-19 | Fix paragraph naming and typo | Hennadii Stepanov | |
2020-01-19 | Rephrase "previous design choice" to "list above" | Orfeas Stefanos Thyfronitis Litos | |
2020-01-19 | grammar typo fix: inserted "be" | stefanwouldgo | |
2020-01-19 | Add missing dots that denote multiplication | Dmitry Petukhov | |
Throughout the document, elliptic curve multiplication is denoted with dots, as in `d'⋅G` as opposed to `d'G`. This is not the case in one place in the 'Default Signing' section, and one place in 'Adaptor Signatures' section Missing dots are added for consistency. | |||
2020-01-19 | Add missing quote | Orfeas Stefanos Thyfronitis Litos | |
2020-01-19 | Fix typo in schnorr, footnote 2 | Orfeas Stefanos Thyfronitis Litos | |
2020-01-19 | G refers to secp256k1 base point rather generator | Hennadii Stepanov | |
2020-01-19 | improve rationale for key prefixing | Tim Ruffing | |
2020-01-19 | Settle on notation: is_square(y), has_square_y(P) | Pieter Wuille | |
2020-01-19 | typos | Tim Ruffing | |
2020-01-19 | Update bip-schnorr.mediawiki | Pieter Wuille | |
Co-Authored-By: Tim Ruffing <tim@timruffing.de> | |||
2020-01-19 | Update bip-schnorr.mediawiki | Pieter Wuille | |
Co-Authored-By: Tim Ruffing <tim@timruffing.de> | |||
2020-01-19 | Elaborate on default and alternative signing | Pieter Wuille | |
2020-01-19 | Change reference for ECDSA proofs | Tim Ruffing | |
Refer to Manuel Fersch's dissertation for provable security of ECDSA. It's freely accessible and multiple results put well in context. | |||
2020-01-19 | More on key generation | Pieter Wuille | |
2020-01-19 | Clarify interaction x-only keys with verification | Pieter Wuille | |
2020-01-19 | Update bip-schnorr.mediawiki | Pieter Wuille | |
Co-Authored-By: Tim Ruffing <tim@timruffing.de> | |||
2020-01-19 | Explain that MuSig needs key prefixing | Pieter Wuille | |
2020-01-19 | bip-schnorr: more on (e,s) | Tim Ruffing | |
2020-01-19 | bip-schnorr: more on provable security | Tim Ruffing | |
I'll try to get a link to the CCS paper that does not have a paywall... | |||
2020-01-19 | Typo | Pieter Wuille | |
2020-01-19 | Drop other curve comment | Pieter Wuille | |
2020-01-19 | Prefix infinite with is_ | Pieter Wuille | |
2020-01-19 | Apply suggestions from code review | Pieter Wuille | |
Co-Authored-By: Tim Ruffing <tim@timruffing.de> | |||
2020-01-19 | Formulate claims about BatchVerify more accurately | Pieter Wuille | |
2020-01-19 | Use is_square/is_positive and introduce algorithm names | Pieter Wuille | |
2020-01-19 | HTTPS links where possible | Pieter Wuille | |
2020-01-19 | Small fixes from review with real-or-random | Pieter Wuille | |
2020-01-19 | Link to Schnorr's paper instead of Wikipedia | Tim Ruffing | |
2020-01-19 | Standardize on secret key in bip-schnorr | Jonas Nick | |
2020-01-19 | Euler's Criterion prime only nit | Elichai Turkel | |
2020-01-19 | Mention SHA256 block size | Jonas Nick | |
Rebased by Pieter Wuille |