Author: Adam Back 2014-12-21 10:01:37
Published on: 2014-12-21T10:01:37+00:00
Peter Todd proposed two cryptographic primitives that operate on message, public key, and a valid signature. The first primitive, AntiReplaySign(), generates a new signature sig2 for message m and pubkey p. The second primitive, VerifyAntiReplaySig(), verifies whether the generated signature sig2 is valid for the given message and public key. The implementation of AntiReplaySign() prevents re-running the primitive on a different message m' once it has been used for a given pubkey. However, this requires a trusted third party as it is impossible to implement with math alone. One possible risk associated with this implementation is the insecurity of enabling miners to take funds. To prevent this, a one-show signature can be used instead of the normal ECDSA. The one-show signature involves generating a public key Q=dG, R=kG, and the signature (r,s) where s=(H(m)+rd)/k. The verification of the signature is done by checking if a=H(Q) and sR=?H(m)G+rQ for normal ECDSA and a=H(Q,R) and sR=?H(m)G+rQ for one-show signature. The one-show signature is designed to prevent double-spending by using a specific R only. Reusing R with different messages leaks the private key and compromises the security of the system.
Updated on: 2023-06-09T14:58:31.601554+00:00