New side channel attack that can recover Bitcoin keys
Summary:

In an email thread on March 5, 2014, Peter Todd discussed the security risks of reusing Bitcoin addresses and of relying on single-factor addresses. Todd suggested that by not reusing addresses, users could avoid crossing a threshold of approximately 200 signatures. He also recommended using n-of-m multisig instead of single-factor addresses to increase robustness. However, he acknowledged that many people do not follow these recommendations because of the behavioral changes they require. Therefore, Todd believes that adding side-channel resistant signing on top of these practices is crucial for good security. As one possible approach, Todd mentioned a recent blind signature scheme for ECDSA proposed by Oleg Andreev. The scheme involves locally blinding the private key and the point being signed before signing, then unblinding after signing. This way, each signing operation handles different private data, even if the user is reusing a key; the only point where unblinded private data is handled is a simple scalar addition. While Todd had not fully thought through the implications of this scheme, he believes it could be beneficial in enhancing Bitcoin security.
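
The blinding idea the summary describes, reduced to a concrete illustration: the following Python is added here and is not code from Todd's email or from Andreev's scheme. It keeps a secp256k1 private key as two additive shares that are re-randomised before every signature, so no two signing operations process the same secret scalars even when the key is reused, and the only operation on the raw share values outside the signature formula itself is a scalar addition. It is not Andreev's construction as described in the email (which also blinds the point being signed); it is a generic additive key-masking example built on an assumed textbook ECDSA implementation in pure Python. The curve constants are the standard secp256k1 parameters; the key values, nonces, seed and message are constructed. Pure Python big-integer arithmetic is itself not constant-time, so the block demonstrates the algebra of the countermeasure, not a deployable signer.

```python
import hashlib
import random

# secp256k1 domain parameters (standard curve constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication. Not constant-time: illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def msg_hash(msg):
    """Message digest as an integer (SHA-256)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign_plain(d, z, k):
    """Textbook ECDSA: s = k^-1 (z + r*d) mod N. The raw key d is used directly."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)

def verify(Q, z, sig):
    """Standard ECDSA verification against public key Q = d*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    X = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return X is not None and X[0] % N == r

class SplitKey:
    """Private key held as two additive shares d1 + d2 = d (mod N); the raw key is
    never reassembled, and the shares are re-randomised before every signature."""

    def __init__(self, d, rng):
        d1 = rng.randrange(1, N)
        self.shares = [d1, (d - d1) % N]

    def refresh(self, rng):
        # Fresh mask rr: d1 grows by rr, d2 shrinks by rr, the sum is unchanged.
        rr = rng.randrange(1, N)
        d1, d2 = self.shares
        self.shares = [(d1 + rr) % N, (d2 - rr) % N]

    def sign(self, z, k, rng):
        """Per-share partial signatures; s1 + s2 equals the textbook s for the same k."""
        self.refresh(rng)
        d1, d2 = self.shares
        r = ec_mul(k, G)[0] % N
        kinv = pow(k, -1, N)
        s1 = kinv * (z + r * d1) % N   # touches only share d1
        s2 = kinv * r * d2 % N         # touches only share d2
        return (r, (s1 + s2) % N)

def demo(seed=1234):
    """Sign one constructed message twice with a split key; report checks per signature."""
    rng = random.Random(seed)        # seeded only so the demo is reproducible
    d = rng.randrange(1, N)          # constructed private key
    Q = ec_mul(d, G)
    z = msg_hash(b"constructed test message")
    key = SplitKey(d, rng)
    results = []
    for _ in range(2):
        k = rng.randrange(1, N)      # per-signature nonce (use RFC 6979 or a CSPRNG in practice)
        shares_before = list(key.shares)
        sig = key.sign(z, k, rng)
        results.append({"matches_plain": sig == sign_plain(d, z, k),
                        "verifies": verify(Q, z, sig),
                        "shares_changed": key.shares != shares_before,
                        "shares_sum_to_d": sum(key.shares) % N == d})
    return results
```

Running `demo()` yields two result dictionaries in which every check is true: each split-key signature is bit-for-bit the textbook signature for the same nonce, verifies under the public key, and was produced from share values that differ from those of the previous signature. The per-signature nonce k is still a fresh secret on every run, so this masking addresses leakage that accumulates across many signatures under one reused key, not nonce-handling flaws.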
Updated on: 2023-05-19T18:14:14.570240+00:00