Satoshilabs secret shared private key scheme



Summary:

In a conversation on January 18, 2018, Ondřej Vejpustek and an unknown person discussed the issue of partial share leakage. The unknown person argued that the current proposal is not insecure against this type of attack because the KDF should prevent it, but Vejpustek provided a concrete example to illustrate how it is not secure. The unknown person then mentioned that they had considered using a diffusion layer but ultimately decided to apply a KDF to the shared secret instead. Vejpustek disagreed with this decision, stating that a large block cipher is a standard construction and that the off-label application of a KDF does not provide any protection against partial share leakage.


Updated on: 2023-05-20T04:40:59.342319+00:00