--- Log opened Thu Mar 24 00:00:34 2022
11:02 < sanket1729> In bip340 signing algorithm, `rand` computation. Why does it hash `rand = hashBIP0340/nonce(t || bytes(P) || m)` depend on secret key? Is it necessary for security?
11:06 < sipa> it doesn't?
11:07 < roconnor> apparently t is the xor of the private key with the hash of the ancillary data.
11:08 < sipa> oh, sorry, i was confusing which step you were talking about
11:08 < sipa> yes, of course you want the nonce computation to depend on the private key; otherwise you depend on strong randomness for security
11:09 < sanket1729> But, you commit to the public key with bytes(P)
11:09 < sanket1729> that implicitly commits secret key?
11:09 < sanket1729> nevermind
11:09 < sanket1729> I got it all wrong :P
11:09 < sanket1729> Yes, we need the fresh randomness
11:10 < roconnor> Seems like a good question to me.
11:10 < sanket1729> If we don't commit sk, anyone can compute `rand`
11:10 < sanket1729> But, the question then is why commit bytes(P)
11:10 < roconnor> oops. *lol*
11:12 < sanket1729> I should not be using the word commit in the sense of fixing something. It is some source of randomness that attacker does not control
11:12 < sipa> the attacker knows P, of course
11:13 < sipa> i need to read our discussions about this again
11:13 < sipa> as to why P is there
11:14 < roconnor> If I had to speculate the bytes(P) matches the data being signed, and there are some API issues where, to avoid recomputing pubkeys, the signing function takes a pubkey as an argument but doesn't verify that it is the right pubkey for the private key.
11:16 < sipa> https://moderncrypto.org/mail-archive/curves/2020/001012.html
11:19 < sipa> In short: you really want everything that goes into the challenge hash to also go into the nonce hash, otherwise a fault attack (or broken code...) can result in getting two signatures whose challenge hash differs with the same nonce, leaking the private key.
11:20 < sanket1729> Nice, that's really cool.
11:21 < sipa> So indeed as roconnor points out, this helps in cases there is a mismatch between the provided privkey and pubkey as well.
11:24 < sanket1729> duh, it is already linked in the BIP :( . My bad. I clicked the wrong reference
12:51 < halosghost> time for another likely-certain-to-be-stupid question :) Is there a sane way of taking a secp256k1_generator and converting it to a secp256k1_pubkey?
12:54 < halosghost> (I know that's vaguely non-sensical, but it would be incredibly useful)
12:54 < halosghost> (which I know is kind of confusing)
12:57 < sipa> Inside the library, that's trivial (they're both just group elements).
12:58 < sipa> Using the API... if you need that, it's a sign you're trying to do something the API isn't designed for, and you really shouldn't be trying to abuse it like that. Instead, write your own module.
13:20 < halosghost> I think I've long-passed that point ☺
13:20 < halosghost> having said that, it's kind of a necessity for timelines
13:20 < sipa> I know. I've told you before.
13:20 < halosghost> haha
13:22 < halosghost> is there even a way to do it with the exposed API?
13:23 < fanquake> Given that it'd be considered abuse. I can't imagine there would be.
13:47 < halosghost> yeah…
13:48 < halosghost> will probably be back later to mull on this further ☺
16:01 < real_or_random> merging "Schnorrsig API improvements" (#1089) now, then "build: stop treating schnorrsig, extrakeys modules as experimental" (#995) is essentially rfm (finally!), but a quick second ACK on the latest commit would help
16:02 < real_or_random> (by the way, can we have this gribble bot here too? :X who runs it?)
17:21 < robot-dreams> Taking a look at #995
--- Log closed Fri Mar 25 00:00:36 2022