--- Day changed Fri Dec 15 2017
00:36 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1
02:21 < arubi> right, much better to look at this not at 2AM :). for 's = 1/k * (z + r*d)', a verifier can replace 'k = d + offset + tweak' and solve for d easily.
02:29 < gmaxwell> arubi: the way to have a better intuition about these things is that security from these kinds of algebraic signatures comes from a degrees of freedom restriction.
02:30 < gmaxwell> if you add anything 'known' without adding an 'unknown' you usually break the security.
02:33 < arubi> yea that's the intuition I'm trying to get at. for this specific CKDpub thing, I just never thought to count the offsets like that even though that's very clearly the way that the child keys are derived
02:35 < arubi> of course this weakness is unrelated to derivation specifically, just the public knowledge about the offset itself is enough
02:35 < gmaxwell> another red flag would be getting an amazing improvement, e.g. if what you thought worked, nonce could be set to P+G*H(pubkey||message) and the signature size could be halved.
02:39 < arubi> I guess there's little chance of a recoverable public nonce heh
02:41 < arubi> well, at least verifymessage is already "accepting" of extra stuff appended to the signature. seems to just ignore it right now so the following still works :
02:41 < arubi> testnet-cli verifymessage n2ypoEfMt44vgJyx9EqBYuCc6CsB4Ce8VL IIF3wnPE2eRV4KtGddHS4Uaes7Mvy08u441Qyr7ZJH8NKwYowdFDXWeWhtUjKhf1bes/ZhL3HC2XvbggoFtkC88===AoeEdii8aNG7domOy1wQgWlx73mDzm9Fdf/EqBTvkpjt "let's soft fork signmessage"
03:01 -!- jtimon [~quassel@37.134.31.164] has quit [Ping timeout: 256 seconds]
03:06 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Remote host closed the connection]
03:07 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1
05:22 -!- Lightsword [~Lightswor@2604:a880:1:20::1d3:9001] has quit [Ping timeout: 240 seconds]
05:25 -!- Lightsword [~Lightswor@107.170.253.193] has joined #secp256k1
07:41 -!- Guest63251 is now known as indutny
09:17 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Ping timeout: 248 seconds]
09:25 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1
11:37 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has joined #secp256k1
12:28 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Quit: hdevalence]
12:34 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has joined #secp256k1
13:15 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Remote host closed the connection]
13:24 -!- jtimon [~quassel@164.31.134.37.dynamic.jazztel.es] has joined #secp256k1
14:00 -!- andytoshi [~apoelstra@96.53.77.134] has joined #secp256k1
14:01 -!- andytoshi [~apoelstra@96.53.77.134] has quit [Changing host]
14:01 -!- andytoshi [~apoelstra@unaffiliated/andytoshi] has joined #secp256k1
15:04 -!- hdevalence_ [~hdevalenc@198-27-130-210.static.sonic.net] has joined #secp256k1
15:04 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Read error: Connection reset by peer]
15:04 -!- hdevalence_ is now known as hdevalence
15:08 -!- hdevalence [~hdevalenc@198-27-130-210.static.sonic.net] has quit [Client Quit]
15:08 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has joined #secp256k1
15:12 -!- hdevalence_ [~hdevalenc@198.27.130.210] has joined #secp256k1
15:13 -!- hdevalence [~hdevalenc@199-188-193-243.PUBLIC.monkeybrains.net] has quit [Read error: Connection reset by peer]
15:13 -!- hdevalence_ is now known as hdevalence
15:13 -!- hdevalence [~hdevalenc@198.27.130.210] has quit [Client Quit]
18:57 -!- jtimon [~quassel@164.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 265 seconds]
19:11 -!- mryandao [~mryandao@unaffiliated/mryandao] has joined #secp256k1
19:28 -!- mryandao [~mryandao@unaffiliated/mryandao] has left #secp256k1 []
21:56 -!- gmaxwell [gmaxwell@wikimedia/KatWalsh/x-0001] has quit [Ping timeout: 240 seconds]
21:57 -!- gmaxwell [gmaxwell@mf4-xiph.osuosl.org] has joined #secp256k1
21:58 -!- gmaxwell is now known as Guest37758
22:27 -!- maaku [~maaku@173.234.25.100] has quit [Quit: ZNC - http://znc.in]
22:34 -!- maaku [~maaku@173.234.25.100] has joined #secp256k1
22:51 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Remote host closed the connection]
22:51 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1
23:13 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Remote host closed the connection]
23:14 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1
23:23 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Ping timeout: 248 seconds]
23:23 -!- Guest37758 [gmaxwell@mf4-xiph.osuosl.org] has quit [Changing host]
23:23 -!- Guest37758 [gmaxwell@wikimedia/KatWalsh/x-0001] has joined #secp256k1
23:24 -!- Guest37758 is now known as gmaxwell
23:24 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1