On 08/27/2015 03:26 PM, Jeff Burdges wrote: > By this argument, DT's protocols are all deniable too, as the signatures > always travel encrypted. It's a fine argument, but it'll never justify > our proposed modifications to ECDSA.
No, because the point is that here Bob conspires against Alice and tries to prove it was Alice to a 3rd party. In your case, both Alice and Bob are being compromised, which is an entirely different scenario. > I'm arguing that an attacker who can violate deniability in DT's > protocol 5, meaning they can obtain z and (r,s), can also violate > deniability in our modified ECDSA scheme by compromising Alice's > long-term private key at a later date. I disagree, as long as the ephemeral keys are not also compromised, we should be fine with the new variant.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
