From 04dae8ce7f4eec86022ca08241dfc55cbcef0b00 Mon Sep 17 00:00:00 2001 From: claylock Date: Thu, 26 Oct 2023 19:25:20 +0000 Subject: [PATCH] Edited ch08_signatures.adoc with Atlas code editor --- ch08_signatures.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ch08_signatures.adoc b/ch08_signatures.adoc index 678153db..5ed22326 100644 --- a/ch08_signatures.adoc +++ b/ch08_signatures.adoc @@ -635,7 +635,7 @@ The preceding protocol has several security problems. Most notable is that one party might learn the public keys of the other parties before committing to their own public key. For example, Alice generates her public key _yG_ honestly and shares it with Bob. Bob generates his public key -using _zG_ – _yG_. When their two keys are combined (_yG_ + _zG_ – _yG_), the +using _zG_ – _yG_. When their two keys are combined [.keep-together]#(_yG_ + _zG_ – _yG_),# the positive and negative _yG_ terms cancel out so the public key only represents the private key for _z_ (i.e., Bob's private key). Now Bob can create a valid signature without any assistance from Alice. This is ((("key cancellation attacks")))called a