> The reason to include the message is that if the nonce repeats and the
> message does not, then you leak the secret key. This only matters if you’re
> worried about the RNG repeating, but it seems like a valid concern.

Then there must be something I don't understand. This may very well be my
underlying point -- if you throw lots of stuff together so that it's hard to
understand, then you don't necessarily get something secure, you just get
something hard to understand.

I've been re-reading and it sounds like you're trying to design crypto that
works even when the crypto is broken. I'm not sure that even makes sense.

Jon
_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
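
The quoted claim about a repeated nonce, worked through as an added example that is not part of the thread or any participant's code. It assumes a Schnorr-style signature s = r + e*x over a toy group; the group parameters, function names, key and messages are all constructed for illustration.

```python
import hashlib

# Toy Schnorr group (constructed, far too small for real use):
# P = 2^89 - 1 is prime, Q is a prime factor of P - 1, G has order Q.
P = 2**89 - 1
Q = 2931542417
G = pow(3, (P - 1) // Q, P)

def H(*parts):
    """Hash the parts to an integer mod Q."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def nonce_rng_only(x, rng_out, msg):
    return rng_out % Q                    # nonce is just the RNG output

def nonce_with_message(x, rng_out, msg):
    return H("nonce", x, rng_out, msg)    # RNG output mixed with key and message

def sign(x, msg, rng_out, derive):
    r = derive(x, rng_out, msg)
    R = pow(G, r, P)
    e = H(R, msg)
    return R, (r + e * x) % Q

def verify(y, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(y, H(R, msg), P) % P

def solve_for_key(m1, sig1, m2, sig2):
    """If both signatures used the same nonce r, then
    s1 - s2 = (e1 - e2) * x (mod Q), which this solves for x."""
    (R1, s1), (R2, s2) = sig1, sig2
    e1, e2 = H(R1, m1), H(R2, m2)
    if e1 == e2:
        return None
    return (s1 - s2) * pow(e1 - e2, -1, Q) % Q

def stuck_rng_leaks_key(derive, x=123456789, stuck=987654321):
    """Sign two different messages while the RNG returns the same value twice;
    check both signatures verify, then report whether x can be solved for."""
    y = pow(G, x, P)
    m1, m2 = "message one", "message two"
    a, b = sign(x, m1, stuck, derive), sign(x, m2, stuck, derive)
    assert verify(y, m1, a) and verify(y, m2, b)
    return solve_for_key(m1, a, m2, b) == x
```

With the RNG output used directly, the two signatures share r and the subtraction cancels it; with the message hashed into the nonce, the same stuck RNG value yields two different nonces and the subtraction no longer isolates x.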