2021-06-15 23:49:08
I'm not saying there's no room to disagree with what I wrote, but to dismiss it as misinformation as if what I wrote was some preposterous mumbo-jumbo designed to instill fear that Bitcoin will be compromised or something is bullshit.
I make no claim that this will compromise Bitcoin, destroy the project, or something like that.
Schnorr's is a signature scheme, not a cryptographic primitive. So my issue is not with Schnorr's itself but rather the cryptographic primitive (secp256k1) that the scheme is being applied to.
Peter Wiulle argued that I was misguided in my idea that signatures are not generated deterministically for Bitcoin - but I'm not.
Their library may enforce deterministic signatures, but you don't need to follow their library to generate a legitimate Bitcoin address
or a legitimate signature. In fact, you could generate a Bitcoin address right on the command line if that's what you wanted to do (will produce the code for that in a second).
This is Why I Pushed For an Industry-Wide Standard Peter Wiulle claiming, "Nearly all ECDSA implementations today, including all the ones used in Bitcoin software that I know about, already use derandomized RFC6979 nonce generation for secp256k1...", is actually bullshit.
If you check out this issue here in BitPay's GitHub, you can see how the failure to provide any level of standardization has resulted in
a distinct variation in what private keys are produced via mnemonics (i.e., your 'recovery seed' may produce an entirely different address - not fucking good)
Read here: https://github.com/bitpay/bitcore-lib/issues/47
One of these issues
is still fucking open right now - https://github.com/bitpay/bitcore-lib/issues/94
101 views20:49