Closed paragonie-security closed 6 months ago
For any given valid signature (R, S), there exists another value (R, n-S) (where n is the order of the curve) that is a valid signature.
(R, S
(R, n-S)
We should mitigate this risk by design.
For any given valid signature
(R, S), there exists another value(R, n-S)(where n is the order of the curve) that is a valid signature.We should mitigate this risk by design.