On Mon, May 22, 2017 at 4:29 AM, Lee Clagett <[email protected]> wrote: > On Fri, 19 May 2017 01:31:49 +0000 Trevor Perrin <[email protected]> >> >> (A) Since the signature is intended to bind a unique tag value, the >> tag should have been hashed as a signature input. > > I'm not sure how this would be done without altering the construction > significantly:
Yeah, I was wrong (I was thinking about 3rd-party tampering, instead of double-spending, for some reason). Trevor _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
