@pbarreto @JacksDismay So what Paulo is saying is that under certain circumstances Bitcoin ECDSA signers could be really hosed.
-
-
Replying to @matthew_d_green
@pbarreto@JacksDismay What 's not certain is how frequently those circumstances turn up in real implementations.4 replies 1 retweet 1 like -
Replying to @matthew_d_green
@matthew_d_green@JacksDismay Then again, not that long ago I'd ask myself the same question regarding BEAST, Lucky Thirteen, etc.4 replies 0 retweets 1 like -
Replying to @pbarreto
@pbarreto@matthew_d_green Does Bitcoin need to move away from ECDSA2 replies 0 retweets 1 like -
Replying to @JacksDismay
@JacksDismay@matthew_d_green I don't know about (EC)DSA even though I don't like the algorithm, but Bitcoin should drop secp256k1.1 reply 0 retweets 1 like -
Replying to @pbarreto
@pbarreto@JacksDismay They're talking about Curve25519. I don't know about EdDSA.2 replies 0 retweets 0 likes -
Replying to @matthew_d_green
@matthew_d_green@pbarreto@JacksDismay they're talking about Curve25519 for digital signatures? That's wrong on so many levels2 replies 1 retweet 2 likes -
Replying to @bascule
@bascule@matthew_d_green@pbarreto@JacksDismay What’s wrong with Curve25519?3 replies 0 retweets 0 likes -
Replying to @tqbf
@tqbf@matthew_d_green@pbarreto@JacksDismay but the larger issue, of course, is that Ed25519 has ready-made DSA by@hashbreaker himself2 replies 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green@pbarreto@JacksDismay@hashbreaker You can’t use r=H(x,M) to do deterministic signatures over any curve?2 replies 0 retweets 0 likes
@tqbf @matthew_d_green @pbarreto @JacksDismay why are we reinventing the wheel here exactly?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.