[bitcoin-dev] Fwd: BIP 340 updates: even pubkeys, more secure nonce generation

Marko mbencun at gmail.com
Tue Mar 3 11:29:22 UTC 2020

That is an interesting point. Does the same concern apply to anti nonce
covert channel protocols? In those, the host would mix in a random nonce
of its own. The process is still deterministic and can be checked during
signing, but unless the host persists the nonce contributions it
provides, one can't check how the nonce was computed for past
signatures. I am unsure how desirable this property would be in
practice, though. I am guessing not that desirable, but it would be good
to hear other opinions.





Best, Marko

More information about the bitcoin-dev mailing list