I'm also wrong about V(X)Ed25519 which actually does have one sentence that corrects the VRF output with a cofactor multiplication. :)
Jeff > On 8 Jan 2020, at 16:51, Jeff Burdges <burd...@gnunet.org> wrote: > Appears Privacy Pass only uses prime order curves, but this only turns up in > their code. > >> On 8 Jan 2020, at 14:40, Jeff Burdges <burd...@gnunet.org> wrote: >> I have not yet checked if implementations of either V(X)Ed2551 or Privacy >> Pass correct the cofactor spec bugs. I have not yet either added all the >> references for the protocols being commented on or ported over all the >> reverences for the non-cofactor concerns from >> https://github.com/w3f/schnorrkel/blob/master/src/vrf.rs either. >
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
