Does the threshold EdDSA subject to Small-subgroup attack?

bnb-chain / tss-lib

Threshold Signature Scheme, for ECDSA and EDDSA

MIT License

790 stars 271 forks source link

Does the threshold EdDSA subject to Small-subgroup attack? #283

Open lucky1024 opened 10 months ago

lucky1024 commented 10 months ago

Standard EdDSA uses bit clamping to prevent small-subgroup attacks. But there is no bit clamping in this implementation. Does the threshold EdDSA subject to Small-subgroup attack?