New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement anti-klepto protocol to protect against covert nonces #47

Open

paulmillr opened this issue May 18, 2023 · 1 comment

Labels

Owner

paulmillr commented May 18, 2023 •

edited

Loading

Not sure if the low-level library is the best place for such API, but at least some primitives need to be implemented for the anti-klepto protocol.

hot->cold: sha(k_hot)
cold->hot: kP_cold = hash(tx, privkey, sha(k_hot)) * G
hot->cold: k_hot
cold->hot: signed_tx
hot:       verify tx.R == kP_cold + k_hot*G

https://shiftcrypto.ch/blog/anti-klepto-explained-protection-against-leaking-private-keys/, bitcoin-core/secp256k1#637

The text was updated successfully, but these errors were encountered:

paulmillr added the enhancement label

Owner Author

paulmillr commented May 20, 2023

Disadvantage: user may erroneously sign 2 txs, producing different non-deterministic nonces, and push those txs, which will leak their private key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment