Comments (5)
Not sure about documenting, but unlike tweak_add which you can easily pass the inversion of the point.
Here the commitment includes the point you're adding to, so you can't manufacture an inversion.
And assuming SHA256 is random, then the probability of that happening is 1 over the group order.
from bips.
I do not see that this tweak function does it. It usually happens inside the function that utilizes this one for the actual commitment procedure.
from bips.
As you can see there's an if, it can definitely fail.
https://github.com/bitcoin-core/secp256k1/blob/master/src/secp256k1.c#L596
https://github.com/bitcoin-core/secp256k1/blob/master/src/eckey_impl.h#L63
from bips.
My comment was related to this:
"Here the commitment includes the point you're adding to, so you can't manufacture an inversion."
meaning that secp256k1_ec_pubkey_tweak_add does not commit to the original untweaked value of the public key (which, as far as I have understood, is what you meant in your comment).
Thanks for the links. I have figured that out also b/c of Sipa's comment here: bitcoin-core/secp256k1#697
from bips.
Is this resolved?
from bips.
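The failure case discussed in this thread, as an added example that is not part of the original comments or of libsecp256k1: a toy pure-Python model of tweak-add on secp256k1, where a caller-chosen tweak can be the negation of the secret key (the sum is the point at infinity, so the call fails), while a tweak hashed over the point itself cannot be picked that way. The function names, the secret key and the hashed data are constructed for illustration, and the SHA256 input layout is an assumption, not the BIP's tagged hash.

```python
import hashlib

# secp256k1 field prime, group order and generator (public curve constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # b is the negation of a
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (toy code, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def tweak_add(pub, tweak):
    """Toy model of tweak-add: None means failure (bad scalar or infinity)."""
    if not 0 <= tweak < N:
        return None
    return add(pub, mul(tweak, G))

def committed_tweak(pub, data):
    """Assumed layout: SHA256(compressed point || data), so the tweak depends on pub."""
    x, y = pub
    ser = bytes([2 + (y & 1)]) + x.to_bytes(32, "big") + data
    return int.from_bytes(hashlib.sha256(ser).digest(), "big")

def demo():
    d = 0xC0FFEE  # constructed secret key, for illustration only
    pub = mul(d, G)
    chosen = tweak_add(pub, N - d)  # caller picks the negation: fails
    hashed = tweak_add(pub, committed_tweak(pub, b"constructed data"))
    return chosen, hashed

if __name__ == "__main__":
    print(demo())
```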