New blog post on Wagner's attack:
I've discovered that someone else is publishing a blog about Wagner's attack at about the same time.
Almost like ... a partial collision 😂
@stevenroose Not out yet.
You've probably already seen.
Btw I think this article on a quick first read is really excellent, the angle taken is very different from mine: Jonas is taking people through, in a very concrete way, the weakness that exists in deviating from the exact 3-step protocol in MuSig due to Wagner's attack. Love the diagrams in particular.
@waxwing Ah yeah it's a written version of his talk at the Lightning Conference because it was not recorded (1st floor room).
I followed the talk, but I'm gonna give this another read as well :)
@stevenroose Yup. I was there too :) I intro-ed my blog by referencing it actually. It was excellently delivered but there was nowhere near enough time (see my anecdote about the question at the end).
@waxwing Those cryptographic protocols and subtleties make me scared 😅
@stevenroose Couldn't agree more. Wagner is terrifying in a way, because it would never have occurred to me (just being honest - in hindsight adding extra DOFs is bound to make it easier!).
But what really motivated me to write about it was the whole 'doesn't work in DLP hard groups' thing; if that wasn't true then basically all the EC public key crypto we use would be bust.