ZcashFoundation / redjubjub

A minimal RedJubjub implementation for use in Zebra.
Other
28 stars 21 forks source link

Ensure that FROST shares don't have small-order components #61

Open str4d opened 3 years ago

str4d commented 3 years ago

If a signing party includes a small-order component in their share such that ak is generated with a small-order component, then every rk (for every transaction signed with that ak) will have the same small-order component, enabling those transactions to be linked (to within 1-in-7, but that is still a big hit to spend unlinkability).

chelseakomlo commented 3 years ago

@str4d we have some new people joining Zcash and working on FROST, so can you please specify notation here? Specifically ak and rk.