Open sander opened 1 month ago
Alternatively, provide HDK-Export-Base-Dlog-Blind so that the PoA method could be specified separately.
Discussed 2024-08-19: Sander writes draft, Remco reviews. Need to see what makes the clearest spec, also taking into account that the PoA paper is still a draft. Also note the alternative: the WSCD attests related keys in one document.
Discussed during the 2024-07-29 weekly meeting: at least for multiplicative blinding, we should expose an HDK-Prove-Association function. See Cryptography proposal. For additive blinding, we’d need to prove first that the same security properties ICW, SW1, SW2 hold.