Author: AdamISZ 2023-07-27 05:51:14+00:00
Published on: 2023-07-27T05:51:14+00:00
In the email thread, there is a discussion about a protocol for 2FA authentication and blind signing in Bitcoin transactions. The sender, moonsettler, proposes a solution to solve the blinding issue in the protocol. They provide a code snippet that outlines the steps for signing and verification using blind signatures. The code can be found in a GitHub gist.

AdamISZ responds to moonsettler's proposal, acknowledging the interesting idea but pointing out a potential vulnerability in the protocol. They mention that the protocol does not check K values against attacks, which could allow someone to extract the server's key from one signing. AdamISZ provides a detailed explanation of how this attack could be carried out.

The conversation continues with moonsettler expressing gratitude for the feedback and mentioning that they had assumed an attacker with access to the private key would only steal the coins without bothering to extract the co-signer's key. They admit that this assumption may not be useful in general.

Earlier in the thread, Jonas Nick raises a concern about a missing blinding step in the protocol. They suggest that the server (party 1) could scan the blockchain for signatures, compute corresponding hashes, and compare them to the received hash to obtain the preimage, including the message.

Overall, the discussion revolves around the security and vulnerabilities of the proposed protocol for 2FA authentication and blind signing in Bitcoin transactions. The participants analyze the code and point out potential weaknesses in the protocol.
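Jonas Nick's concern about the missing blinding step can be made concrete with the following added example, which is not code from the thread or from moonsettler's gist. It assumes a simplified single-signer Schnorr flow with challenge e = H(R || P || m) in an insecure toy multiplicative group standing in for secp256k1; every name and parameter in it is hypothetical.

```python
import hashlib
import secrets

# Toy multiplicative group (assumption, NOT secure): stands in for secp256k1.
P_MOD = 2**127 - 1      # Mersenne prime
N = P_MOD - 1           # exponent modulus, since G**N == 1 (mod P_MOD)
G = 3

def challenge(R, P, msg):
    """Assumed Schnorr-style challenge e = H(R || P || m) mod N."""
    data = R.to_bytes(16, "big") + P.to_bytes(16, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def verify(P, msg, sig):
    """Public check: G^s == R * P^e."""
    R, s = sig
    return pow(G, s, P_MOD) == R * pow(P, challenge(R, P, msg), P_MOD) % P_MOD

def sign(x, msg, blind):
    """One session. Returns (published signature, challenge the server saw)."""
    P = pow(G, x, P_MOD)
    k = secrets.randbelow(N - 1) + 1            # server nonce
    R = pow(G, k, P_MOD)
    alpha = beta = 0
    if blind:                                   # client-side blinding factors
        alpha, beta = (secrets.randbelow(N - 1) + 1 for _ in range(2))
    R2 = R * pow(G, alpha, P_MOD) * pow(P, beta, P_MOD) % P_MOD
    e2 = challenge(R2, P, msg)                  # challenge of the published sig
    e = (e2 + beta) % N                         # value the server is asked to sign
    s = (k + e * x) % N                         # server response
    return (R2, (s + alpha) % N), e

def server_scan(seen_e, P, chain):
    """Server recomputes the challenge of each public (msg, sig) and compares."""
    return [m for m, (R, _s) in chain if challenge(R, P, m) == seen_e]
```

Without blinding, `server_scan` returns the message behind the hash the server signed; with the two blinding factors the published signature still verifies but no on-chain challenge matches the one the server saw.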
Updated on: 2023-07-28T02:05:07.329178+00:00