This maybe simpler and trivially compatible with existing type2 public keys
(ones that are multiples of a parent public key): send an ECDSA signature of
the multiplier, and as we know you can compute ("recover") the parent public
key from an the ECDSA signature made using it.


On Wed, Jun 19, 2013 at 05:28:15PM +0200, Adam Back wrote:
>[q-th root with unknown no discrete log artefact]
>If it was a concern I guess you could require a proof of knowledge of
>discrete log.  ie as well as public key parent, multiplier the address must
>include ECDSA sig or Schnorr proof of knowledge (which both demonstrate
>knowledge of the discrete log of Q to base G.)

This email is sponsored by Windows:

Build for Windows Store.
Bitcoin-development mailing list

Reply via email to