fcelda / nsec5-draft

Working Copy of the NSEC5 Specification

Leo wants to hash the PK as input to ECVRF_hash_to_curve and in MGF1 for the RSA-FDH-VRF #14

Closed goldbe closed 7 years ago

goldbe commented 7 years ago

"otherwise you get into weird issues with the RO proof of pseudorandomness not composing for multiple copies of the same VRF with different PKs, because you have to program the RO in different ways that may contradict each other. Generally, hashing PK is good hygiene -- like salting hashes. Aside from proof issues, it simply makes attacker's job harder because you have to attack per PK, and precompute some crazy table once and for all."
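To make the "salting" point concrete, here is an added example (not code from the nsec5-draft repository or from the VRF draft, and not goldbe's code) that builds the RSA-FDH-VRF hash input with MGF1 (RFC 8017, appendix B.2.1) both without and with the public key in the seed. The suite string, the separator octet, the use of SHA-256, and the encoding of the public key as I2OSP(n, k) are assumptions made for illustration; the two "moduli" are constructed integers of the right size, not real RSA keys. The example shows that without the PK the same alpha yields the same EM under every key, so one table of EM values serves every key, while with the PK in the seed the EM is bound to the specific key:

```python
import hashlib

def i2osp(x: int, length: int) -> bytes:
    """Integer-to-octet-string conversion, RFC 8017 section 4.1."""
    if x < 0 or x >= 256 ** length:
        raise ValueError("integer does not fit in the requested length")
    return x.to_bytes(length, "big")

def mgf1(seed: bytes, mask_len: int, hash_fn=hashlib.sha256) -> bytes:
    """MGF1 mask generation function, RFC 8017 appendix B.2.1.

    Concatenates hash(seed || C) for C = 0, 1, 2, ... and truncates to mask_len.
    """
    h_len = hash_fn().digest_size
    if mask_len > (2 ** 32) * h_len:
        raise ValueError("mask too long")
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += hash_fn(seed + i2osp(counter, 4)).digest()
        counter += 1
    return out[:mask_len]

# Assumed values for illustration only (not the draft's actual constants).
SUITE_STRING = b"\x01"  # identifies the ciphersuite
ONE_STRING = b"\x01"    # domain separator for the MGF1 step

# Constructed toy "moduli": 2048-bit odd integers, NOT real RSA keys.
K = 256  # octet length of a 2048-bit modulus
N1 = (1 << 2047) | 0x1234567
N2 = (1 << 2047) | 0x7654321

def fdh_input_without_pk(alpha: bytes, k: int) -> bytes:
    """EM = MGF1(suite || one || alpha, k-1): independent of the signing key.

    k-1 octets keeps the integer OS2IP(EM) below any k-octet modulus.
    """
    return mgf1(SUITE_STRING + ONE_STRING + alpha, k - 1)

def fdh_input_with_pk(n: int, k: int, alpha: bytes) -> bytes:
    """EM = MGF1(suite || one || I2OSP(n, k) || alpha, k-1): bound to the key.

    Encoding the public key as I2OSP(n, k) is an assumption of this example.
    """
    return mgf1(SUITE_STRING + ONE_STRING + i2osp(n, k) + alpha, k - 1)

def demo(alphas=(b"example.com.", b"www.example.com.", b"mail.example.com.")):
    """Compare the two constructions over a few constructed VRF inputs.

    Returns whether a table of EM values computed once is reusable across
    keys (the unsalted case) and whether the salted EMs differ per key.
    """
    table_no_pk = {a: fdh_input_without_pk(a, K) for a in alphas}
    # Without the PK the "other key" reuses exactly the same table.
    shared = all(fdh_input_without_pk(a, K) == table_no_pk[a] for a in alphas)
    # With the PK every key gets its own EM for the same alpha.
    separated = all(
        fdh_input_with_pk(N1, K, a) != fdh_input_with_pk(N2, K, a) for a in alphas
    )
    return {"shared_across_keys": shared, "separated_per_key": separated}

if __name__ == "__main__":
    print(demo())
```

The key-independent variant is the reason for the hygiene argument in the comment: whatever work is invested in the hash step for one key applies unchanged to every other key, whereas with the public key in the seed the hash step has to be redone per key.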

goldbe commented 7 years ago

Added this as a comment to VRF draft but did not actually implement the change. Waiting for someone else to do this so I don't screw up any EC point to octet conversion.

goldbe commented 7 years ago

Here is the commit: https://github.com/fcelda/nsec5-draft/commit/d77815bc11d20620de412d134c6c657a35c0d777

fcelda commented 7 years ago

Fixed in 455440a304457df6a5b3a64ca4bb1cf75621b57a