Open lucky1024 opened 10 months ago
Standard EdDSA uses bit clamping to prevent small-subgroup attacks. But there is no bit clamping in this implementation. Does the threshold EdDSA subject to Small-subgroup attack?
Standard EdDSA uses bit clamping to prevent small-subgroup attacks. But there is no bit clamping in this implementation. Does the threshold EdDSA subject to Small-subgroup attack?