New blog post on Wagner's attack:
@stevenroose Not out yet.
You've probably already seen.
Btw I think this article on a quick first read is really excellent, the angle taken is very different from mine: Jonas is taking people through, in a very concrete way, the weakness that exists in deviating from the exact 3-step protocol in MuSig due to Wagner's attack. Love the diagrams in particular.
@waxwing Ah yeah it's a written version of his talk at the Lightning Conference because it was not recorded (1st floor room).
I followed the talk, but I'm gonna give this another read as well :)
@stevenroose Yup. I was there too :) I intro-ed my blog by referencing it actually. It was excellently delivered but there was nowhere near enough time (see my anecdote about the question at the end).
@waxwing Those cryptographic protocols and subtleties make me scared 😅
@stevenroose Couldn't agree more. Wagner is terrifying in a way, because it would never have occurred to me (just being honest - in hindsight adding extra DOFs is bound to make it easier!).
But what really motivated me to write about it was the whole 'doesn't work in DLP hard groups' thing; if that wasn't true then basically all the EC public key crypto we use would be bust.