Multiparty signatures



Summary:

The discussion concerns the security of Shamir secret sharing and whether Wagner's algorithm applies to the multisig construction. The writer argues that Wagner's algorithm does not apply, because a birthday attack is not possible when there is only a single variable that can be modified. With an additive construction, adaptive attacks are possible, but in Shamir secret sharing interpolation a public X coordinate is required alongside the secret share, and choosing hash(pub) as X can prevent such an attack. Adam Back notes that a delinearization mechanism is necessary to prevent adaptive public-key choice from breaking the scheme via Wagner's attack, which is not specific to addition but is a generalized birthday attack. He suggests that all public keys should be hashed together, in addition to the per-value hash, when public keys are not chosen adaptively. Adaptively chosen public keys are dangerous and simple to exploit. Lastly, Wagner's attack also breaks the earlier delinearization scheme S=H(A)*A+H(B)*B+H(C)*C.
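The following is an added example, not code from the thread or from any of its participants. It contrasts the plain additive key aggregate with a delinearized one in which every coefficient is derived from a hash of all public keys together (the "hash all public keys along with the per-value hash" suggestion above), and shows a Schnorr multi-signature verifying against the delinearized key. The group (a 64-bit safe-prime subgroup, written multiplicatively so the thread's A+B+C is a product here), the hash-to-scalar function and the key values are constructed for the example; a deployment would use an elliptic-curve group, and the nonce-commitment round a real protocol needs is omitted. The Wagner generalized-birthday attack on the intermediate scheme S=H(A)*A+H(B)*B+H(C)*C is not reproduced here.

```python
import hashlib
import secrets

# Toy group: the prime-order subgroup of Z_p^* for a safe prime p = 2q + 1,
# built at import time so the example runs offline (constructed, not a standard group).
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits):
    """Smallest safe prime p = 2q + 1 with q odd and at least bits-1 bits."""
    q = (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

P = safe_prime(64)
Q = (P - 1) // 2   # prime group order
G = 4              # a quadratic residue, hence a generator of the order-q subgroup

def h(*parts):
    """Hash-to-scalar: SHA-256 over length-prefixed parts, reduced mod Q."""
    d = hashlib.sha256()
    for p in parts:
        b = p.to_bytes(32, "big") if isinstance(p, int) else p
        d.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(d.digest(), "big") % Q

def pubkey(x):
    return pow(G, x, P)

def naive_aggregate(pubs):
    """Plain sum of keys in additive notation: X = X_1 * X_2 * ... here."""
    x = 1
    for pk in pubs:
        x = x * pk % P
    return x

def coefficients(pubs):
    """Delinearization: a_i = H(L, X_i) where L commits to *all* keys, so no
    coefficient is fixed until every key is known."""
    L = hashlib.sha256(b"".join(pk.to_bytes(32, "big") for pk in sorted(pubs))).digest()
    return [h(L, pk) for pk in pubs]

def delinearized_aggregate(pubs):
    """X = prod X_i^{a_i}."""
    x = 1
    for pk, a in zip(pubs, coefficients(pubs)):
        x = x * pow(pk, a, P) % P
    return x

def last_party_steers_naive_sum(x_a, b):
    """Design check: with the plain sum, a party choosing its key after seeing X_A
    can pick X_B = G^b / X_A so the aggregate becomes G^b, a key only it controls."""
    pk_a = pubkey(x_a)
    pk_b = pubkey(b) * pow(pk_a, -1, P) % P
    return naive_aggregate([pk_a, pk_b]) == pubkey(b)

def last_party_steers_delinearized(x_a, b):
    """Same key choice against the delinearized aggregate: the coefficients now
    depend on X_B itself, so the cancellation no longer holds."""
    pk_a = pubkey(x_a)
    pk_b = pubkey(b) * pow(pk_a, -1, P) % P
    return delinearized_aggregate([pk_a, pk_b]) == pubkey(b)

def multisign(secret_keys, msg):
    """Schnorr multi-signature on the delinearized key: s = sum(r_i + c*a_i*x_i).
    Nonces are honest here; a real protocol adds a nonce-commitment round."""
    pubs = [pubkey(x) for x in secret_keys]
    coeffs = coefficients(pubs)
    X = delinearized_aggregate(pubs)
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in secret_keys]
    R = naive_aggregate([pubkey(r) for r in nonces])  # R = prod G^{r_i}
    c = h(X, R, msg)
    s = sum(r + c * a * x for r, a, x in zip(nonces, coeffs, secret_keys)) % Q
    return X, R, s

def verify(X, R, s, msg):
    """Standard Schnorr check G^s == R * X^c against the aggregate key."""
    return pow(G, s, P) == R * pow(X, h(X, R, msg), P) % P
```

Verification works because X = G^{sum a_i x_i}, so G^s = G^{sum r_i} * (G^{sum a_i x_i})^c = R * X^c. The two `last_party_steers_*` checks are the kind of unit test a scheme designer would keep: the plain sum lets the last key chooser decide the aggregate, while binding every coefficient to the full key list removes that freedom.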


Updated on: 2023-06-13T03:55:29.668024+00:00