> The reason to include the message is that if the nonce repeats and the 
> message does not, then you leak the secret key.  This only matters if you’re 
> worried about the RNG repeating, but it seems like a valid concern.

Then there must be something I don't understand. This may very well be my 
underlying point -- if you throw lots of stuff together so that it's hard to 
understand, then you don't necessarily get something secure, you just get 
something hard to understand. 

I've been re-reading and it sounds like you're trying to design crypto that 
works even when the crypto is broken. I'm not sure that even makes sense.

        Jon

_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
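
The quoted claim, worked through as an added example that is not part of the original thread. It assumes a Schnorr-style signature (s = k + e*x mod q) over a toy group constructed here; all names (`sign`, `key_from_repeated_nonce`, `demo`) are hypothetical, and deriving the nonce as a hash of key, RNG output and message is one assumed way of "including the message".

```python
import hashlib

# Toy Schnorr group, constructed for this example; parameters are illustrative only.
Q = 2**127 - 1  # prime subgroup order (a Mersenne prime)
# First P = 2kQ+1 passing a base-2 Fermat test, which is what makes G**Q == 1 (mod P).
P = next(p for p in (2 * k * Q + 1 for k in range(1, 10**5)) if pow(2, p - 1, p) == 1)
G = pow(2, (P - 1) // Q, P)
assert G != 1  # together with G**Q == 1 this gives G order exactly Q

def H(*parts):
    """Hash length-prefixed byte strings to an integer mod Q."""
    data = b"".join(len(b).to_bytes(4, "big") + b for b in parts)
    return int.from_bytes(hashlib.sha512(data).digest(), "big") % Q

def enc(n):
    return n.to_bytes(32, "big")

def sign(x, msg, rng_out, hedged):
    """Return (R, s) with s = k + e*x mod Q; rng_out is what the RNG returned."""
    # plain: nonce depends on the RNG alone; hedged: on key, RNG output and message
    k = H(enc(x), rng_out, msg) if hedged else H(rng_out)
    R = pow(G, k, P)
    return R, (k + H(enc(R), msg) * x) % Q

def verify(X, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(X, H(enc(R), msg), P) % P

def key_from_repeated_nonce(m1, sig1, m2, sig2):
    """If two signatures share R but not e, s1 - s2 = (e1 - e2) * x reveals x."""
    (R1, s1), (R2, s2) = sig1, sig2
    e1, e2 = H(enc(R1), m1), H(enc(R2), m2)
    if R1 != R2 or e1 == e2:
        return None  # distinct nonces, or the identical signature twice
    return (s1 - s2) * pow((e1 - e2) % Q, -1, Q) % Q

def demo():
    x = H(b"constructed long-term secret")  # sample key, constructed
    X = pow(G, x, P)
    stuck = b"\x00" * 32                    # RNG that returns the same bytes twice
    m1, m2 = b"message one", b"message two"
    leaked = {}
    for name, hedged in (("plain", False), ("hedged", True)):
        s1, s2 = sign(x, m1, stuck, hedged), sign(x, m2, stuck, hedged)
        assert verify(X, m1, s1) and verify(X, m2, s2)
        leaked[name] = key_from_repeated_nonce(m1, s1, m2, s2) == x
    return leaked
```

With the stuck RNG, the plain scheme reuses its nonce across two different messages and the key falls out of the two signatures; the hedged scheme only repeats a nonce when the message also repeats, which yields the same signature again and nothing more.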
