Satoshilabs secret shared private key scheme [combined summary]



Source: the original discussion on the bitcoin-dev mailing list.

Published on: 2018-01-23T14:16:22+00:00


Summary:

This page combines summaries of several email exchanges covering a number of cryptographic schemes and their security. The first discussion concerns a scheme shared on the bitcointalk forum, comparing it to the Makwa hashing function and noting the drawbacks of both. Another focuses on using Galois Field multiplication to improve Bitcoin's signature scheme, and raises concerns about security against partial share leakage attacks. The use of diffusion layers and Key Derivation Functions (KDFs) is debated in a further exchange.

The security of Shamir Secret Sharing (SSS) is discussed, with emphasis on verifying the integrity of the scheme before relying on its security. There is also a conversation about generalizing a GF(256) sharing scheme and creating a test utility to determine its security. The similarity between SSS and RSA is debated, along with the use of CRCs and error-correcting codes for redundancy and protection of shares.

Another exchange addresses the entropy argument and the precautionary principle based on Shannon's information theory. It points out that low redundancy does not necessarily make plaintext more secure, and discusses the advantages of error-correcting codes over hash functions.

Concerns are also raised about Trezor's "plausible deniability" scheme, in particular that passphrases could be used as evidence. The discussion of blind host-delegated KDFs for hardware wallets raises concerns about the inability to verify that the results are valid. There are debates about using a 16-bit checksum based on sha2, with a suggestion to use a 20-bit code instead, and the weakness of the key derivation function in Trezor's plausible deniability feature is also discussed. The SLIP39 scheme is criticized for the possibility of an attacker reconstructing the seed and for the lack of versioning in the specification.

Concerns are also raised about the new standard for Shamir Secret Sharing, including interoperability, weak key derivation functions, and the checksum algorithm. Lastly, Gregory Maxwell expresses satisfaction with BIP 39 as a security measure for brainwallets and mentions working on a BIP 39 tool. However, concerns are raised about interoperability and versioning issues with the new Shamir Secret Sharing standard, its weak key derivation functions, and its problematic checksum algorithm. Despite these concerns, the scheme in question cannot be used as a brainwallet scheme. These discussions highlight the need for further research and development in cryptocurrency security.
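The thread's discussion of generalizing a GF(256) sharing scheme and of SSS security against partial share leakage is easier to follow with the construction in front of you. The following is an added example, not code from the mailing list, from SatoshiLabs or from the SLIP39 specification: a generic k-of-n Shamir split over GF(2^8) using the AES reduction polynomial (an assumption; SLIP39's exact share indices, digest share and mnemonic encoding are not reproduced here), plus a brute-force check that k-1 shares of a one-byte secret are consistent with every one of the 256 possible secret values, which is the information-theoretic property the thread debates.

```python
import secrets

# GF(2^8) reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b). Assumption of this
# example: the AES polynomial is used; any irreducible degree-8 polynomial works.
GF_POLY = 0x11B


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements with shift-and-reduce (carry-less) multiplication."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= GF_POLY
        b >>= 1
    return r


def gf_pow(a: int, e: int) -> int:
    """Square-and-multiply exponentiation in GF(2^8)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse: the multiplicative group has order 255, so a^254 = a^-1."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    return gf_pow(a, 254)


def _eval_poly(coeffs: list[int], x: int) -> int:
    """Horner evaluation of sum(coeffs[i] * x^i) over GF(2^8)."""
    y = 0
    for c in reversed(coeffs):
        y = gf_mul(y, x) ^ c
    return y


def split_secret(secret: bytes, k: int, n: int) -> dict[int, bytes]:
    """Split `secret` into n shares such that any k of them reconstruct it.

    Each secret byte is the constant term of a fresh random degree-(k-1)
    polynomial; share i holds that polynomial evaluated at x = i (1 <= i <= n).
    """
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        coeffs = [byte] + list(secrets.token_bytes(k - 1))
        for x in shares:
            shares[x].append(_eval_poly(coeffs, x))
    return {x: bytes(v) for x, v in shares.items()}


def recover_secret(shares: dict[int, bytes]) -> bytes:
    """Lagrange-interpolate each byte's polynomial at x = 0 from the given shares.

    With fewer than k genuine shares this still returns bytes, but they are a
    wrong answer that is indistinguishable from a right one (see secret_candidates).
    """
    xs = list(shares)
    length = len(next(iter(shares.values())))
    out = bytearray()
    for i in range(length):
        acc = 0
        for xj in xs:
            num, den = 1, 1
            for xm in xs:
                if xm != xj:
                    num = gf_mul(num, xm)       # (0 - xm) == xm in characteristic 2
                    den = gf_mul(den, xj ^ xm)  # (xj - xm) == xj xor xm
            acc ^= gf_mul(shares[xj][i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


def secret_candidates(known: dict[int, bytes], missing_x: int) -> set[bytes]:
    """Brute-force the one missing share of a k-of-n split of a 1-byte secret.

    Given k-1 shares, try all 256 values for the k-th share and collect the secret
    each guess yields. The result has 256 elements: every possible secret byte is
    equally consistent with the shares held, so k-1 shares leak nothing.
    """
    return {recover_secret({**known, missing_x: bytes([g])}) for g in range(256)}


if __name__ == "__main__":
    seed = secrets.token_bytes(16)  # constructed sample secret, not a real seed
    shares = split_secret(seed, k=3, n=5)
    assert recover_secret({1: shares[1], 4: shares[4], 5: shares[5]}) == seed
    # constructed 2 shares of a 1-byte secret; the third is brute-forced
    print("3-of-5 recovery OK; secrets consistent with 2 of 3 shares:",
          len(secret_candidates({1: b"\x2a", 2: b"\x7f"}, missing_x=3)))
```

`recover_secret` deliberately accepts any number of shares and never signals that too few were supplied; that is exactly why the thread's concern about integrity checking on shares (a checksum or error-correcting code on each share, and some way to detect an inconsistent set) matters in a deployed scheme, since plain SSS gives the holder no way to tell a correct reconstruction from a wrong one.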


Updated on: 2023-08-01T22:26:10.438341+00:00