Author: Marko 2020-03-03 11:29:22
Published on: 2020-03-03T11:29:22+00:00
In a recent discussion on the Bitcoin-dev mailing list, a question was raised about the security concerns of anti-nonce covert channel protocols. The host in these protocols mixes in a random nonce of its own, making the process deterministic and verifiable during signing. However, without persistence of the nonce contributions provided by the host, it is impossible to check how the nonce was computed for past signatures. The author of the post is unsure if this property is desirable in practice and seeks other opinions. Two links are provided for further reading on the topic.
Updated on: 2023-05-20T21:49:23.053090+00:00