--- Day changed Sat Jul 01 2017
00:16 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1
05:15 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Remote host closed the connection]
05:21 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1
12:47 < jonasschnelli> Russell O'Connor mentioned: "For some very rare signature values with small r values there is more than one x-coordinate that will correspond to it. This doubles the number of possible public keys for those cases."
12:47 < jonasschnelli> Does libsecp256k1 have the risk to produce such signatures?
12:47 < jonasschnelli> (recoverable signatures)
12:47 < jonasschnelli> *risk of producing
12:48 < sipa> it deals with them correctly
12:48 < sipa> but it's astronomically unlikely to ever hit them
13:05 < jonasschnelli> Thanks!
13:07 < gmaxwell> astronomically unlikely except when intentionally created.
13:08 < arubi> in which case they are 100% secure :P
13:08 < jonasschnelli> hmm... could someone intentionally create a sig that recovers to a pubkey where the private key is owned by the attacker?
13:08 < jonasschnelli> nm
13:15 < sipa> what? no
13:17 < sipa> explain your scenario
13:25 < jonasschnelli> Had to think about it a bit,... I guess the only damage you can do to an app is trigger a buggy behavior..
13:28 < sipa> also, is this for the thing christopher allen was talking about to me
13:28 < sipa> ?
13:36 < jonasschnelli> sipa: Yes. I think. The question popped up there...
13:44 < sipa> jonasschnelli: don't use pubkey recovery to decide what to verify against to check if someone owned an output
13:44 < sipa> just give the pubkey as part of the signature
13:59 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Remote host closed the connection]
14:06 < gmaxwell> Nothing new should be deployed using recovery.
14:07 < gmaxwell> There are potential patent complications with it and it has poor performance. In most cases where people seek to use it, it provides almost no value in any case.
14:09 < sipa> it's also inflexible
14:09 < sipa> can't deal with multisig
14:10 < sipa> or anything but p2pkh outputs in general
14:10 < gmaxwell> yes, that was a general mistake in the signmessage design.
20:21 -!- echonaut [~echonaut@46.101.192.134] has quit [Remote host closed the connection]
20:21 -!- echonaut [~echonaut@46.101.192.134] has joined #secp256k1