I've discovered that someone else is publishing a blog about Wagner's attack at about the same time.
Almost like ... a partial collision 😂

@stevenroose medium.com/blockstream/insecur

You've probably already seen.

Btw I think this article on a quick first read is really excellent, the angle taken is very different from mine: Jonas is taking people through, in a very concrete way, the weakness that exists in deviating from the exact 3-step protocol in MuSig due to Wagner's attack. Love the diagrams in particular.

@waxwing Ah yeah it's a written version of his talk at the Lightning Conference because it was not recorded (1st floor room).
I followed the talk, but I'm gonna give this another read as well :)

@stevenroose Yup. I was there too :) I intro-ed my blog by referencing it actually. It was excellently delivered but there was nowhere near enough time (see my anecdote about the question at the end).

@waxwing Those cryptographic protocols and subtleties make me scared 😅

@stevenroose Couldn't agree more. Wagner is terrifying in a way, because it would never have occurred to me (just being honest - in hindsight adding extra DOFs is bound to make it easier!).

But what really motivated me to write about it was the whole 'doesn't work in DLP hard groups' thing; if that wasn't true then basically all the EC public key crypto we use would be bust.
