Author: Russell O'Connor 2018-01-22 19:21:14
Published on: 2018-01-22T19:21:14+00:00
The discussion on the Bitcoin-dev mailing list about the security of a proposed Shamir-style secret-sharing scheme for Bitcoin private keys, built on Galois Field (GF) arithmetic over GF(2^8), continues. Gregory Maxwell raised concerns about the scheme's security against partial share leakage attacks, gave an example to support his argument, and suggested that working in GF(2^256+n) might be a better alternative. Another participant, Ondřej Vejpustek, argued that the shared secret is already an input to a Key Derivation Function (KDF), which should prevent such attacks. Maxwell disagreed, stating that a KDF does not provide protection against the attack he described. The discussion then turned to whether it would be better to use GF(2^256+n) rather than GF(2^8), with the speed difference between the two fields raised as a potential concern.
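The following is an added example, not code from the thread or from the proposal under discussion, that shows why byte-wise sharing over GF(2^8) has the partial-leakage property the summary refers to: each byte of the secret is shared as an independent Shamir instance on the same x-coordinates, so leaking byte i of a threshold number of shares recovers byte i of the secret exactly. It also shows, with a stand-in KDF, that hashing the secret after the fact does not undo that leakage: the attacker only has to search the bytes that were not leaked. The reduction polynomial 0x11b (the AES polynomial), SHA-256 as the KDF, the 2-byte toy secret and the share x-coordinates 1..3 are all assumptions made for the example.

```python
"""Byte-wise Shamir secret sharing over GF(2^8) and its partial-leakage property.

Added example; not the code of the thread participants or of the proposal.
Assumptions: reduction polynomial x^8+x^4+x^3+x+1 (0x11b), SHA-256 standing in
for the proposal's KDF, share x-coordinates 1..count.
"""
import hashlib
import secrets

POLY = 0x11B  # assumed irreducible polynomial; any degree-8 irreducible works the same


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) (Russian-peasant style, reducing mod POLY)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Inverse via a^254 = a^-1 (the multiplicative group has order 255)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def split_byte(secret_byte: int, threshold: int, count: int) -> dict:
    """Share one byte: random polynomial of degree threshold-1 with constant term = secret_byte."""
    coeffs = [secret_byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
    shares = {}
    for x in range(1, count + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = gf_mul(y, x) ^ c
        shares[x] = y
    return shares


def interpolate_at_zero(points: dict) -> int:
    """Lagrange interpolation at x=0 over GF(2^8); points maps x -> y (threshold entries)."""
    secret = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = gf_mul(num, xj)        # (0 - xj) == xj in characteristic 2
                den = gf_mul(den, xi ^ xj)   # (xi - xj) == xi ^ xj
        secret ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return secret


def split_secret(secret: bytes, threshold: int, count: int) -> dict:
    """Share a multi-byte secret byte by byte, reusing the same x for every byte."""
    shares = {x: bytearray() for x in range(1, count + 1)}
    for b in secret:
        for x, y in split_byte(b, threshold, count).items():
            shares[x].append(y)
    return {x: bytes(v) for x, v in shares.items()}


def recover_secret(shares: dict) -> bytes:
    """Recover from `threshold` shares. Passing truncated shares recovers exactly
    the corresponding prefix of the secret: that is the partial-leakage property."""
    length = len(next(iter(shares.values())))
    return bytes(interpolate_at_zero({x: s[i] for x, s in shares.items()})
                 for i in range(length))


def kdf(secret: bytes) -> bytes:
    """Stand-in KDF (assumption: SHA-256). The real proposal's KDF is not modelled."""
    return hashlib.sha256(secret).digest()


def brute_force_with_leak(target: bytes, known_prefix: bytes, total_len: int):
    """An attacker who learned the leading bytes of the secret from leaked share bytes
    only has to try 256**(total_len - len(known_prefix)) KDF inputs."""
    unknown = total_len - len(known_prefix)
    for n in range(256 ** unknown):
        cand = known_prefix + n.to_bytes(unknown, "big")
        if kdf(cand) == target:
            return cand
    return None


if __name__ == "__main__":
    secret = bytes([0x13, 0x37])  # constructed toy secret
    shares = split_secret(secret, threshold=2, count=3)
    assert recover_secret({1: shares[1], 2: shares[2]}) == secret
    # Leak only the first byte of two shares: first byte of the secret falls out.
    leaked = {1: shares[1][:1], 3: shares[3][:1]}
    print("leaked secret byte:", recover_secret(leaked).hex())
    print("found via KDF search:", brute_force_with_leak(kdf(secret), secret[:1], 2).hex())
```

The point of `recover_secret(leaked)` is that the x-coordinates are common to every byte position, so the attacker runs ordinary Lagrange interpolation on the leaked bytes alone and gets the secret byte with no guessing. In a single large field the whole secret is one field element, and a leaked fragment of a share is not by itself a point on the sharing polynomial, which is the structural difference the GF(2^256+n) suggestion is about; the speed cost is the multiplications in that larger field.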
Updated on: 2023-06-12T23:35:47.690152+00:00