Nonce blinding protocol for hardware wallets and airgapped signers



Summary:

Marko thanked the initiator of a protocol implementation for a PSBT anti-nonce-covert-channel protocol, which has been a long-standing goal of his. He backported the scheme to ECDSA in the secp256k1 library so it can be used for current transactions. The generalized sign-to-contract scheme, where the final nonce is computed as `k' = k + H(k*G, n)` rather than `k' = k + n`, was suggested for use in PSBT. The new fields could be added to BIP-174 either as proprietary fields or as standard key-value pairs, depending on whether anyone else is interested in using the protocol. When PSBT is used with an air-gapped signer, the host must carefully verify the signer's responses against the state it stored for that PSBT; implementing the protocol wrongly risks leaking private keys. Best practices and guidelines to avoid such pitfalls would be helpful.
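The nonce rule quoted above, worked through as an added example that is not code from the thread, from libsecp256k1 or from any PSBT implementation: the signer first sends R0 = k*G, the host reveals its randomness n, the signer signs with k' = k + H(k*G, n), and the host checks that the signature's r equals x(R0 + H(R0, n)*G) using only the R0 it stored earlier. The hash domain tag, the private key, the nonce, n and the message are constructed values; the host's up-front commitment to n that precedes the reveal in a full anti-exfiltration exchange is left out to keep the focus on the nonce rule and the host-side check. Pure-Python secp256k1 arithmetic, no dependencies.

```python
import hashlib

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, pt):
    """Double-and-add; not constant time, which is fine for a worked example."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def compress(pt):
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def s2c_tweak(R0, n):
    """H(k*G, n) reduced to a scalar: the sign-to-contract tweak the host can
    recompute from R0 and n. The domain tag is a constructed value."""
    h = hashlib.sha256(b"nonce-blinding-example/" + compress(R0) + n).digest()
    return int.from_bytes(h, "big") % N


def blinded_nonce(k, n):
    """Signer side: k' = k + H(k*G, n) mod N, the rule discussed in the thread."""
    return (k + s2c_tweak(scalar_mult(k, G), n)) % N


def ecdsa_sign(d, k, msg):
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    R = scalar_mult(k, G)
    r = R[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    return r, s  # r == 0 or s == 0 is astronomically unlikely and not handled here


def ecdsa_verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    w = pow(s, -1, N)
    X = point_add(scalar_mult(e * w % N, G), scalar_mult(r * w % N, Q))
    return X is not None and X[0] % N == r


def host_check(R0, n, r):
    """Host side: with R0 = k*G stored from round 1 and its own n, the only
    acceptable nonce point is R0 + H(R0, n)*G; its x coordinate must equal r."""
    R_expected = point_add(R0, scalar_mult(s2c_tweak(R0, n), G))
    return R_expected is not None and R_expected[0] % N == r


def run_protocol(d, k, n, msg):
    """Full exchange. Round 1: signer -> host R0 = k*G (host stores it).
    Round 2: host -> signer n; signer -> host signature made with k'.
    The host then checks the returned r against the R0 it stored."""
    R0 = scalar_mult(k, G)
    sig = ecdsa_sign(d, blinded_nonce(k, n), msg)
    return {
        "valid": ecdsa_verify(scalar_mult(d, G), msg, sig),
        "host_ok": host_check(R0, n, sig[0]),
        "R0": R0,
        "sig": sig,
    }


if __name__ == "__main__":
    # Constructed values: private key, signer nonce, host randomness, fake sighash.
    d, k, n, msg = 0x1F2E3D4C5B6A7988, 0xC0FFEE1234567890, bytes(range(32)), b"constructed sighash"
    out = run_protocol(d, k, n, msg)
    print("honest signer: valid =", out["valid"], "| host check =", out["host_ok"])
    # A signer that ignores n and picks its own nonce still yields a valid
    # signature, but the host check fails: that is what closes the covert channel.
    rogue = ecdsa_sign(d, 0x7777, msg)
    print("rogue signer:  valid =", ecdsa_verify(scalar_mult(d, G), msg, rogue),
          "| host check =", host_check(out["R0"], n, rogue[0]))
```

The point of `host_check` is that it needs nothing from the signer beyond R0 and the final signature, so a host that keeps R0 and n in its per-PSBT state can reject any signature whose nonce was not derived by the agreed rule; a host that skips the check, or accepts an R0 supplied after the fact, gets no protection from the scheme.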


Updated on: 2023-06-13T23:49:48.586820+00:00