Thomas Bellebaum
I should mention that the above current method should result in the same kid for keys with the same coordinates in different curves. I am unsure whether or not that...
Just to pin this here, so any related issues can be pointed to this issue. Some upcoming specifications increasingly rely on this form of `kid`s as entity identifiers:
- https://datatracker.ietf.org/doc/draft-ietf-oauth-jwk-thumbprint-uri/...
Adding some references for further reading to our implementation:
### Sign
We would like to hash the generators into the domain [here](https://github.com/Fraunhofer-AISEC/libbbs/blob/553a0dab50b1ac95b2c8bf177d3f6a7c20a71b92/src/bbs.c#L283-L285) But since at that point we also need...
Hello Andrew, that is great to hear. I have also proposed an alternative [on the CFRG mailing list](https://mailarchive.ietf.org/arch/msg/cfrg/w2Tw5F2sWLHk6aQbML_M2MScHnc/), which would be even more efficient, because it need not hash the...
Let me unravel the value of `T2` in the current draft. Inlining a bunch of calculations in `ProofVerifyInit`, I get that
```
T2 = P1 * s0 + Q_1 *...
```
Hello Vasilis :) > You already noted the use of range proofs. Consider also the case of [pseudonyms](https://basileoskal.github.io/bbs-per-verifier-id/draft-vasilis-bbs-per-verifier-linkability.html)[^1]. The prover will be able to use a different pseudonym by forging...
Actually, here is a quick proof-like argument for why hashed scalar values do not need to be added to the challenge hash: Pick any bound `b` on the number of...
> (note also that we allow for 2^64 messages to be signed. The adversaries goal can then be to find a suitable si * c^-1 for any 1 =< i...
@csuwildcat This seems fine as long as all you are doing is decoding and accessing nested objects. However, this way of thinking needs to be combined with some semantic information...
I was trying to do something briefly today, but decided that this will probably take more time than I can spend right now, so I am focussing on existing challenges...