Open paulmillr opened 1 year ago
Not sure if the low-level library is the best place for such API, but at least some primitives need to be implemented for the anti-klepto protocol.
1. hot->cold: sha(k_hot)
2. cold->hot: kP_cold = hash(tx, privkey, sha(k_hot)) * G
3. hot->cold: k_hot
4. cold->hot: signed_tx
5. hot: verify tx.R == kP_cold + k_hot*G
https://shiftcrypto.ch/blog/anti-klepto-explained-protection-against-leaking-private-keys/, https://github.com/bitcoin-core/secp256k1/pull/637
Disadvantage: user may erroneously sign 2 txs, producing different non-deterministic nonces, and push those txs, which will leak their private key.
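The five-step exchange described in this issue, as an added example that is not part of the issue or of the library: pure-Python secp256k1 arithmetic so it runs stand-alone, with `hot` as the online host, `cold` as the signing device, `z` as the transaction hash, and an `honest=False` path (an assumption for illustration) showing a nonce-exfiltrating signer that ignores k_hot being rejected in step 5 even though its ECDSA signature is otherwise valid.

```python
import hashlib, secrets

# secp256k1 parameters; points are affine (x, y) tuples, None is the point at infinity.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt=G):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def h(*parts):  # sha256 over the 32-byte big-endian encodings of the arguments, as an int
    return int.from_bytes(hashlib.sha256(b"".join(p.to_bytes(32, "big") for p in parts)).digest(), "big")
def hot_commit():  # step 1, hot->cold: sha(k_hot); k_hot itself stays on the host for now
    k_hot = secrets.randbelow(N - 1) + 1
    return k_hot, h(k_hot)
def cold_nonce_point(priv, z, commit):  # step 2, cold->hot: kP_cold = hash(tx, privkey, sha(k_hot)) * G
    k_cold = h(z, priv, commit) % N or 1
    return k_cold, mul(k_cold)
def cold_sign(priv, z, k_cold, k_hot, commit, honest=True):  # steps 3-4: receive k_hot, return signed_tx
    assert h(k_hot) == commit, "k_hot does not match the commitment"  # host cannot choose k_hot after seeing kP_cold
    k = (k_cold + k_hot) % N if honest else k_cold  # hypothetical klepto signer: silently ignores k_hot
    r = mul(k)[0] % N
    return r, pow(k, -1, N) * (z + r * priv) % N
def hot_verify(pub, z, sig, kp_cold, k_hot):  # step 5: tx.R == kP_cold + k_hot*G
    r, s = sig
    w = pow(s, -1, N)
    R = add(mul(z * w % N), mul(r * w % N, pub))  # R recovered from the signature (standard ECDSA verify)
    return R is not None and R[0] % N == r and R == add(kp_cold, mul(k_hot))
def run_protocol(priv, z, honest=True):  # whole exchange; True iff the host accepts the signature
    pub = mul(priv)
    k_hot, commit = hot_commit()
    k_cold, kp_cold = cold_nonce_point(priv, z, commit)
    sig = cold_sign(priv, z, k_cold, k_hot, commit, honest)
    return hot_verify(pub, z, sig, kp_cold, k_hot)
```

Bitcoin's low-s rule replaces s with N - s, which negates the recovered R, so a production check must normalise s before recovering R or also accept the negation of kP_cold + k_hot*G.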