--- Log opened Wed Jan 29 00:00:23 2020
00:41 < aj> https://github.com/ajtowns/bips/commits/202001-precomp-pubkey <-- draft for #190 on the off chance it's helpful
00:47 < sipa> aj: i think we shouldn't go into the risks of the precomputed pubkeys being wrong; i suspect there are several more problems that we can't enumerate
00:48 < sipa> it should suffice to say that signers must make sure that the precomputed pubkey is correct, and not taken from untrusted sources
01:23 < aj> https://github.com/ajtowns/bips/commit/64f45900362edda99845219973ea7d109d4d7511 maybe
01:55 < elichai2> sipa: I agree with the hesitation of using bip numbers in the tagged hashes. ie I feel people use bip143 too much and it's harder to remember what's what with bip numbers
01:57 < elichai2> aj: I don't think people (me too) would be fine with allowing untrusted pubkeys as inputs, the only possible compromise would be to also input it into the nonce function, and even then it's debatable.
02:01 < aj> elichai2: i could imagine someone getting confused if the secret key's provided by a hardware module and the pubkey's provided externally, at which point having it as input for the nonce means you're just signing for the wrong key rather than also leaking the secret key, but yeah
02:03 < elichai2> yep. and this can be exacerbated fast with bip32 derivations (deriving more keys but accidentally inputting a seckey with the wrong pubkey)
02:03 < aj> elichai2: hmm, for the exact string to use as input to the hashing function, i feel like looking at the bip is to be expected
02:04 < elichai2> aj: i'm not sure I understand that sentence
02:15 < aj> elichai2: i figure BIP340 is fine for the tagged hashes, since you want to look at the bip for that anyway to guarantee you're not doing "SchnorrDerive" or "schnorrderive" instead of "BIPSchnorrDerive" or whatever the exact spelling is
05:10 -!- real_or_random [~real_or_r@2a02:c207:3002:7468::1] has joined #bitmetas
05:37 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has quit [Ping timeout: 248 seconds]
06:48 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has joined #bitmetas
07:04 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has quit [Ping timeout: 248 seconds]
09:08 -!- jonatack [~jon@54.76.13.109.rev.sfr.net] has joined #bitmetas
09:12 -!- jonatack [~jon@54.76.13.109.rev.sfr.net] has quit [Ping timeout: 265 seconds]
09:13 -!- jonatack [~jon@213.152.161.170] has joined #bitmetas
12:57 -!- jonatack [~jon@213.152.161.170] has quit [Ping timeout: 265 seconds]
14:14 -!- meshcollider [meshcollid@209.141.50.204] has quit [Remote host closed the connection]
16:03 -!- meshcollider [meshcollid@gateway/shell/ircnow/x-ljjxmkqlqsykocbq] has joined #bitmetas
16:45 -!- meshcollider [meshcollid@gateway/shell/ircnow/x-ljjxmkqlqsykocbq] has quit [Quit: ZNC 1.7.4 - https://znc.in]
17:05 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has joined #bitmetas
17:33 -!- meshcollider [meshcollid@gateway/shell/ircnow/x-sbtjxckdujyurjue] has joined #bitmetas
19:44 -!- achow101 [~achow101@unaffiliated/achow101] has quit [Ping timeout: 265 seconds]
19:48 -!- achow101 [~achow101@unaffiliated/achow101] has joined #bitmetas
20:16 < aj> sipa: "If ''P := lift_x_square(x)" is missing the _y
20:18 < aj> sipa: "in function of" reads weird to me, "in terms of" maybe?
20:51 < sipa> aj: fixed
--- Log closed Thu Jan 30 00:00:24 2020