Taproot proposal



Summary:

The email thread discusses whether unknown discrete logarithms can be made provably unknown while keeping better privacy: a fixed, known constant is blinded with a random value to create the internal key. The discussion also covers Gregory Maxwell's comment that ZmnSCPxj's scheme for getting a NUMS ("nothing up my sleeve") point is insecure; the operation involved is known as "hash-to-point" or "hash-to-curve". The method cryptographers prefer is to generate random data x and find a point on secp256k1 whose X coordinate is x. While it may not be necessary in every case, creating a NUMS point could still be of independent interest, for example for setting up Pedersen commitments.
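The two steps summarized above, finding a point whose X coordinate is a given x and blinding the fixed constant with a random value, are sketched below as an added example; it is not code from the thread or from any Bitcoin implementation. Deriving x by hashing a public seed with SHA-256 and a 4-byte counter, choosing the even-y point, and all function names are assumptions made for illustration.

```python
import hashlib

# secp256k1: y^2 = x^3 + 7 over F_P, generator G of prime order N
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def lift_x(x):
    # Even-y point with X coordinate x, or None when no such point exists.
    rhs = (pow(x, 3, P) + 7) % P
    y = pow(rhs, (P + 1) // 4, P)  # valid square-root formula because P % 4 == 3
    if x >= P or y * y % P != rhs:
        return None  # x out of range, or x^3 + 7 is not a square mod P
    return (x, y if y % 2 == 0 else P - y)

def nums_point(seed):
    # Try-and-increment (assumed scheme): hash seed||counter until x is on the curve.
    for counter in range(2**32):
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        point = lift_x(int.from_bytes(digest, "big"))
        if point is not None:
            return point

def add(a, b):
    # Affine addition; None represents the point at infinity.
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, point):
    # Double-and-add; not constant time, for illustration only.
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point, k = add(point, point), k >> 1
    return result

def blinded_internal_key(h, r):
    # H + r*G: the fixed constant H blinded by the random scalar r.
    return add(h, mul(r % N, G))
```

Because the seed is public, anyone can re-run `nums_point` and confirm that the X coordinate came out of the hash rather than from a chosen scalar. In real use the blinding scalar `r` would be drawn from a CSPRNG, for example `secrets.randbelow(N)`.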


Updated on: 2023-06-13T18:37:56.976823+00:00