[bitcoin-dev] Multiparty signatures
Russell O'Connor
roconnor at blockstream.io
Thu Jul 19 13:11:28 UTC 2018
On Thu, Jul 19, 2018 at 8:16 AM, Erik Aronesty via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> you can't birthday attack something where there's only a single variable
> that you can modify.
>
When engaging in a multiparty signature, the attacker can more than one
variable to modify. When you are party to a multi-party signature (for
example, in some sort of coin-join protocol) it could be that every other
participant in the multi-party signature is, in fact, the same single
attacker representing themselves as multiple participants. This is how the
attacker gets their hands on multiple variables.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180719/70bd09ca/attachment-0001.html>
More information about the bitcoin-dev
mailing list