arno/bitcoinbook
1
0
Fork 0
mirror of https://github.com/bitcoinbook/bitcoinbook synced 2025-01-11 16:20:57 +00:00
Code Issues Releases Wiki Activity

Edited ch08_signatures.adoc with Atlas code editor

Browse Source
This commit is contained in:
clenser 2023-10-19 13:10:18 +00:00
parent e9372d39fb
commit 4e24b9ff43
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ch08_signatures.adoc
View File

@ -601,7 +601,7 @@ Alice and Bob need to derive the public key for +x+, which is +xG+.
Since it's possible to use elliptic curve operations to add two EC
points together, they start by Alice deriving +yG+ and Bob deriving
+zG+. They then add them together to create +xG = yG + zG+. The point
+xG+ is their _aggregated public key_. To create a signature, they begin the
+xG+ is ((("aggregated public keys")))((("public keys", "aggregated")))their _aggregated public key_. To create a signature, they begin the
simple multisignature protocol:
1. They each individually choose a large random private nonce, +a+ for
@ -632,7 +632,7 @@ to their own public key. For example, Alice generates her public key
using +zG - yG+. When their two keys are combined (+yG + zG - yG+), the
positive and negative +yG+ terms cancel out so the public key only represents
the private key for +z+, i.e., Bob's private key. Now Bob can create a
valid signature without any assistance from Alice. This is called a
valid signature without any assistance from Alice. This is ((("key cancellation attacks")))called a
_key cancellation attack_.
There are various ways to solve the key cancellation attack. The