--- Log opened Mon Nov 04 00:00:55 2019
00:20 -!- jonatack [~jon@lfbn-bay-1-242-229.w83-193.abo.wanadoo.fr] has quit [Ping timeout: 268 seconds]
00:22 -!- jonatack [~jon@54.76.13.109.rev.sfr.net] has joined #secp256k1
00:44 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 245 seconds]
00:48 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
05:25 -!- jonatack [~jon@54.76.13.109.rev.sfr.net] has quit [Ping timeout: 268 seconds]
08:22 -!- jonatack [~jon@2a01:e35:8aba:8220:6627:dad:d967:649d] has joined #secp256k1
08:31 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
08:36 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 264 seconds]
10:24 < elichai2> "ngg18_keygen_client.rs, we can see that the shared key is created by adding the public points together" (from an audit of a crypto library that uses libsecp... (a problem in their impl, not in secp))
10:24 * elichai2 facepalm
10:24 < sipa> is it related to https://bitcoin.stackexchange.com/questions/91256/is-it-possible-to-add-two-secp256k1-points-to-get-a-shared-key ?
10:27 < elichai2> sipa: don't think so https://github.com/KZen-networks/multi-party-ecdsa/blob/master/audits/REPORT_final_2019-10-22.pdf
10:28 < gmaxwell> 'kzen' stuff was all broken and insecure when I looked at it previously, vulnerable to cancellation and wagner attack
10:29 < gmaxwell> oh man, its "ECDH" was just "we add the points" (the code snippet in the report makes it clear that the text means what it says!)
10:30 < elichai2> yeah... that's not just wagner's attack... that's just wat...
10:39 < sanket1729> I wonder why that's marked "medium severity". Seems like a critical bug if anyone can compute an AES secret key.
10:41 < gmaxwell> "Currently the AES encryption keys used to establish a secure channel between all pairs
10:41 < gmaxwell> of peers in the multi-party key generation client"
10:41 < gmaxwell> so-- yeah, sounds like that's a total break.
10:41 < gmaxwell> unless "network observer" isn't part of your attack model.
10:42 < sipa> in that case you can just have one party generate the key randomly and announce "hey the AES key is X"
10:43 < elichai2> sipa: or just hard code the key in the code :P
10:58 -!- reallll [~belcher@unaffiliated/belcher] has joined #secp256k1
11:00 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
11:01 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 240 seconds]
11:05 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Read error: Connection reset by peer]
11:06 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
11:10 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Read error: Connection reset by peer]
11:10 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
11:15 -!- reallll is now known as belcher
11:21 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Read error: Connection reset by peer]
11:21 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
11:31 -!- ddustin_ [~ddustin@unaffiliated/ddustin] has joined #secp256k1
11:34 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 240 seconds]
17:27 -!- ddustin_ [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
17:28 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
17:33 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 265 seconds]
18:49 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
22:28 -!- ddustin_ [~ddustin@unaffiliated/ddustin] has joined #secp256k1
22:31 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 252 seconds]
22:37 -!- instagibbs [~instagibb@pool-71-178-191-230.washdc.fios.verizon.net] has quit [Ping timeout: 276 seconds]
22:49 -!- instagibbs [~instagibb@pool-71-178-191-230.washdc.fios.verizon.net] has joined #secp256k1
--- Log closed Tue Nov 05 00:00:57 2019