On Thu, Jul 19, 2018 at 8:16 AM, Erik Aronesty via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote:
> you can't birthday attack something where there's only a single variable > that you can modify. > When engaging in a multiparty signature, the attacker can more than one variable to modify. When you are party to a multi-party signature (for example, in some sort of coin-join protocol) it could be that every other participant in the multi-party signature is, in fact, the same single attacker representing themselves as multiple participants. This is how the attacker gets their hands on multiple variables.
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
