[cryptography] Point compression prior art?

Paul Crowley paul at ciphergoth.org
Sat May 21 04:47:41 EDT 2011


On 21/05/11 01:04, Sebastien Martini wrote:
>> From a practical point of view there is however something not really
> handy with Schnorr's signature scheme, that is you can't call the sign
> function with a hash of the message  because the ephemeral public key
> must be concataned to the message before being hashed.

This isn't what you would do in practice; in practice one would hash the 
message as normal, then hash that together with the ephemeral value to 
generate the challenge value.
-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/



More information about the cryptography mailing list