I've discovered that someone else is publishing a blog about Wagner's attack at about the same time.
Almost like ... a partial collision 😂

@stevenroose medium.com/blockstream/insecur

You've probably already seen.

Btw I think this article on a quick first read is really excellent; the angle taken is very different from mine: Jonas is taking people through, in a very concrete way, the weakness that exists in deviating from the exact 3-step protocol in MuSig due to Wagner's attack. Love the diagrams in particular.

@waxwing Ah yeah it's a written version of his talk at the Lightning Conference because it was not recorded (1st floor room).
I followed the talk, but I'm gonna give this another read as well :)

@stevenroose Yup. I was there too :) I intro-ed my blog by referencing it actually. It was excellently delivered but there was nowhere near enough time (see my anecdote about the question at the end).

@waxwing Those cryptographic protocols and subtleties make me scared 😅

@stevenroose Couldn't agree more. Wagner is terrifying in a way, because it would never have occurred to me (just being honest - in hindsight adding extra DOFs is bound to make it easier!).

But what really motivated me to write about it was the whole 'doesn't work in DLP hard groups' thing; if that wasn't true then basically all the EC public key crypto we use would be bust.

