Author: Erik Aronesty 2020-03-05 19:01:27
Published on: 2020-03-05T19:01:27+00:00
Schnorr sigs are dependent on the masking provided by a random nonce. However, there are several simple ways to introduce bias, such as hash + modulo. Even 2 bits of bias can lead to serious attacks, as stated in a presentation given at ECC2017. As a result, it may be beneficial to consider pairing based signatures, which although slower than Schnorr sigs, could potentially offer more flexibility and better security implementations.
Updated on: 2023-06-14T00:01:44.991075+00:00