Small update to BIP 62
Summary:

The context is a conversation between Aaron Voisine and Gregory Maxwell discussing cryptographic protocols. In response to Aaron's suggestion that one could create a transaction with a different signature hash, Gregory explains the properties of the DSA nonce k and why generating k in a way that the verifier can reproduce is impossible. He emphasizes that an attacker is not obligated to follow a protocol unless deviation can actually be prevented, and that there is no reasonable way to prove you are using a particular nonce-generation scheme without revealing the private key in the process. Gregory notes that deterministic signing does not stop a signer from grinding signatures to improve their mining odds, and mentions that there are signature systems which are naturally randomness-free, but DSA and its derivatives are not among them.
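The two points summarized above (a verifier cannot recompute a deterministic nonce without the private key, and a signer who knows k can always pick a different one) can be made concrete with a small pure-Python ECDSA over secp256k1. This is an added example, not code from the thread or from any Bitcoin implementation; the private key, the message and the "ground" nonces are constructed, and the HMAC-based nonce derivation is a simplified stand-in for RFC 6979, not the real construction. It shows that the deterministic nonce takes the private key as input, that revealing k lets anyone solve for the private key, and that several different nonces for the same key and message all yield distinct signatures the verifier accepts.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the curve Bitcoin uses): y^2 = x^3 + 7 over F_P.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt lies on secp256k1 (sanity check for the constants above)."""
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(p1, p2):
    """Affine group law; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def message_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def deterministic_nonce(d, z):
    """Simplified deterministic nonce: HMAC of the message hash keyed by the
    private key. Stand-in for RFC 6979, NOT the real construction. The point
    is the signature: it needs d, so a verifier cannot recompute it."""
    mac = hmac.new(d.to_bytes(32, "big"), z.to_bytes(32, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % N or 1


def sign(d, z, k):
    """ECDSA: r = (kG).x mod N, s = k^-1 (z + r d) mod N. The nonce is a free
    input; nothing ties it to any particular derivation scheme."""
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    assert r and s, "degenerate nonce, pick another"
    return (r, s)


def verify(Q, z, sig):
    """Standard ECDSA verification; it never sees k, only (r, s)."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    X = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, Q))
    return X is not None and X[0] % N == r


def recover_private_key(z, sig, k):
    """Why 'prove which nonce you used' is fatal: from s = k^-1 (z + r d),
    knowing k gives d = (s k - z) / r mod N."""
    r, s = sig
    return (s * k - z) * pow(r, -1, N) % N


def demo():
    d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed
    Q = scalar_mult(d, G)
    z = message_hash(b"constructed signature hash of one transaction")
    k_det = deterministic_nonce(d, z)
    sig_det = sign(d, z, k_det)
    # Grinding: same key, same message, arbitrary nonces; the verifier cannot
    # tell these apart from the "deterministic" one.
    ground = [sign(d, z, k) for k in (12345, 67890, 0xDEADBEEF)]  # constructed nonces
    return {
        "pubkey": Q,
        "hash": z,
        "det_nonce": k_det,
        "det_sig": sig_det,
        "ground_sigs": ground,
        "recovered_key": recover_private_key(z, sig_det, k_det),
        "true_key": d,
    }


if __name__ == "__main__":
    out = demo()
    print("deterministic sig verifies:", verify(out["pubkey"], out["hash"], out["det_sig"]))
    print("all ground sigs verify:", all(verify(out["pubkey"], out["hash"], s) for s in out["ground_sigs"]))
    print("nonce reveals private key:", out["recovered_key"] == out["true_key"])
```

The verifier accepts every signature in `ground_sigs` exactly as readily as `det_sig`, which is the grinding point: a deterministic scheme only binds signers who choose to run it. And `recover_private_key` is why the scheme cannot be made checkable by publishing k: anyone who can audit the nonce can compute d.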
Updated on: 2023-06-09T01:18:59.820967+00:00