Author: Jonas Nick 2023-07-24 15:39:09+00:00
Published on: 2023-07-24T15:39:09+00:00
The concern here is about party 1 not learning the final value of (R, s1+s2) or m: it is suggested that a blinding step might be missing from the process. Assume that the server (party 1) has received some c during the signature protocol. The server can then scan the blockchain for signatures and, as in signature verification, compute the corresponding hashes c' = H(R||X||m). By comparing c with c', the server can determine whether they are equal. If they are, the server has the preimage for the c it received from the client, including m.

This additional step would allow the server to obtain the necessary information without compromising the security of the system. It ensures that party 1 can verify the authenticity of the received values without directly accessing the final values of (R, s1+s2) or m.
Updated on: 2023-07-25T02:22:15.429841+00:00
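The comparison of c with c' = H(R||X||m) described above, as an added example that is not code from the original post or from any project it discusses. Plain SHA-256 stands in for H, the on-chain tuples are constructed sample bytes, and the `blind_challenge` offset (c = c' + beta mod n, the usual blind-Schnorr form) is an assumption of this example, included to show when the match stops working.

```python
import hashlib
import secrets

# Order of the secp256k1 group; challenges are scalars modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def challenge(R: bytes, X: bytes, m: bytes) -> int:
    """c' = H(R || X || m) mod N. SHA-256 is a stand-in for H (assumption)."""
    return int.from_bytes(hashlib.sha256(R + X + m).digest(), "big") % N

def link_signatures(seen_challenges, onchain):
    """Server-side check: map each logged c to the on-chain (R, X, m) it opens."""
    seen = set(seen_challenges)
    linked = {}
    for R, X, m in onchain:
        c_prime = challenge(R, X, m)
        if c_prime in seen:  # c == c': the server now knows the preimage, including m
            linked[c_prime] = (R, X, m)
    return linked

def blind_challenge(c_prime: int, beta: int) -> int:
    """Hypothetical client-side blinding: the server only ever sees c' + beta mod N."""
    return (c_prime + beta) % N

def _sample(label: bytes) -> bytes:
    """Constructed 32-byte placeholder for R, X or m (not real chain data)."""
    return hashlib.sha256(label).digest()

# Constructed stand-ins for (R, X, m) tuples recovered from published signatures.
ONCHAIN = [(_sample(b"R%d" % i), _sample(b"X"), _sample(b"m%d" % i)) for i in range(3)]

def demo():
    """Return (links found without blinding, links found with blinding)."""
    c_prime = challenge(*ONCHAIN[1])
    beta = 1 + secrets.randbelow(N - 1)  # nonzero offset known only to the client
    unblinded = link_signatures([c_prime], ONCHAIN)
    blinded = link_signatures([blind_challenge(c_prime, beta)], ONCHAIN)
    return unblinded, blinded

if __name__ == "__main__":
    unblinded, blinded = demo()
    print("linked without blinding:", len(unblinded))
    print("linked with blinding:   ", len(blinded))
```

The blinded case only models the challenge seen by the server; a full blind-Schnorr exchange also blinds the nonce R, which this example leaves out.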