bitcoin/bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-05-12 12:03:29 +00:00
Code Issues Releases Wiki Activity

Update bip-0374.mediawiki

Browse Source
This commit is contained in:
leopardracer 2025-04-06 23:22:43 +03:00 committed by GitHub
parent 3ccc59dbdb
commit f64e8255c6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bip-0374.mediawiki
View File

@ -74,7 +74,7 @@ The algorithm ''GenerateProof(a, B, r, G, m)'' is defined as:
* Let ''C = a⋅B''. * Let ''C = a⋅B''.
* Let ''t'' be the byte-wise xor of ''bytes(32, a)'' and ''hash<sub>BIP0374/aux</sub>(r)''. * Let ''t'' be the byte-wise xor of ''bytes(32, a)'' and ''hash<sub>BIP0374/aux</sub>(r)''.
* Let ''m' = m if m is provided, otherwise an empty byte array''. * Let ''m' = m if m is provided, otherwise an empty byte array''.
* Let ''rand = hash<sub>BIP0374/nonce</sub>(t || cbytes(A) || cbytes(C) || m')''.<ref name="why_include_m_in_rand"> ''' Why include the message in the rand computation?''' Not including the message in the rand compution could leak ''a'' if two proofs were constructed for the same ''a'', ''B'', and ''G'' but a different message ''m'' and an all-zero ''r''.</ref> * Let ''rand = hash<sub>BIP0374/nonce</sub>(t || cbytes(A) || cbytes(C) || m')''.<ref name="why_include_m_in_rand"> ''' Why include the message in the rand computation?''' Not including the message in the rand computation could leak ''a'' if two proofs were constructed for the same ''a'', ''B'', and ''G'' but a different message ''m'' and an all-zero ''r''.</ref>
* Let ''k = int(rand) mod n''. * Let ''k = int(rand) mod n''.
* Fail if ''k = 0''. * Fail if ''k = 0''.
* Let ''R<sub>1</sub> = k⋅G''. * Let ''R<sub>1</sub> = k⋅G''.