prevention of PK recovery with two signatures on the same message

plume-sig / zk-nullifier-sig

Implementation of PLUME: nullifier friendly signature scheme on ECDSA

MIT License

128 stars 22 forks source link

prevention of PK recovery with two signatures on the same message #101

Open skaunov opened 4 months ago

skaunov commented 4 months ago

          I totally trust you just trying to understand.

Deterministic as "to know c beforehand of signing"; or is it just the fact that V2 wouldn't work since it lacks the point $r$ value? Or something else?

I mean I kind of don't see yet the essential difference if signer adds to the message point $r$ instead of the info/data you mentioned. :thinking:

_Originally posted by @skaunov in https://github.com/plume-sig/zk-nullifier-sig/pull/98#discussion_r1500665980_

skaunov commented 2 months ago

Ah, I guess I got that. Signer must be not able to produce two different signatures on the same message with the same key. :grey_question: