I learned something really cool the other day: There is an attack on signature schemes called the "blinding attack". It basically abuses what we cherish in ecash: blind signatures.

The gist is the following: You can make someone sign a "bad message" M (example: "I confirm that I'm stupid") if you can find a blinding factor r such that r*M looks like a "good message" (like "I'm very smart").

You get a signature on the blinded message r*M and can unblind the signature (very much like in Cashu) to get a signature on the unblinded bad message M – and now everyone thinks you're stupid!

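Editor's note: the toy code below is added here to illustrate the mechanism in the note; it is not from the original post, and it is not Cashu's code (Cashu blinds points on an elliptic curve rather than RSA integers, but the unblinding step works the same way). It uses textbook RSA with a small constructed key built from two Mersenne primes. Two things are assumed and worth stating: the blinded value the signer sees is a random-looking number rather than a readable "good message" (turning it into chosen text is the hard part the replies ask about, and this code does not attempt it), and the hash-then-sign signer at the end is the standard mitigation, shown so you can see what the "mint signs anything" signer is missing.

```python
import hashlib
import math
import secrets

# Toy RSA key from two known Mersenne primes (constructed for this example;
# real keys use random primes of 1024+ bits). n is about 216 bits, so short
# ASCII messages fit as integers below n.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # gcd(E, phi) == 1 for these primes


def encode(msg: bytes) -> int:
    """Map a short message to the integer a textbook signer would sign."""
    m = int.from_bytes(msg, "big")
    if not 0 < m < N:
        raise ValueError("message too long for the toy modulus")
    return m


def sign_raw(x: int) -> int:
    """A signer that signs whatever integer it is handed ('a mint will sign anything')."""
    return pow(x, D, N)


def verify_raw(x: int, sig: int) -> bool:
    return pow(sig, E, N) == x


def blind(m: int, r: int) -> int:
    """RSA blinding: m * r^e mod n. This is the only value the signer ever sees."""
    return (m * pow(r, E, N)) % N


def unblind(blind_sig: int, r: int) -> int:
    """(m * r^e)^d = m^d * r mod n, so dividing by r leaves a plain signature on m."""
    return (blind_sig * pow(r, -1, N)) % N


def pick_blinding_factor() -> int:
    """Random r coprime to n, as a blind-signature client would choose."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def hash_to_int(msg: bytes) -> int:
    # Truncated to 192 bits only so the digest fits under the toy modulus;
    # real schemes use a full digest with PKCS#1 / PSS padding.
    return int.from_bytes(hashlib.sha256(msg).digest()[:24], "big")


def sign_hashed(msg: bytes) -> int:
    """Hash-then-sign: the signer hashes the text it is shown and never signs a caller-chosen integer."""
    return pow(hash_to_int(msg), D, N)


def verify_hashed(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == hash_to_int(msg)


def demo() -> dict:
    bad = b"I confirm that I'm stupid"
    good = b"I'm very smart"
    r = pick_blinding_factor()

    # 1. Raw signer: it sees only the blinded number, signs it, and the
    #    unblinded result is a valid signature on a message it never saw.
    blinded = blind(encode(bad), r)
    forged = unblind(sign_raw(blinded), r)

    # 2. Hash-then-sign signer: the requester can only submit text, the signer
    #    signs H(text) itself, and unblinding with any r produces nothing useful
    #    unless H(good) == H(bad) * r^e mod n, which means solving RSA.
    sig_on_good = sign_hashed(good)
    return {
        "raw_forgery_verifies": verify_raw(encode(bad), forged),
        "signer_saw_bad_message": blinded == encode(bad),
        "hashed_sig_valid_for_good": verify_hashed(good, sig_on_good),
        "hashed_sig_transfers_to_bad": verify_hashed(bad, unblind(sig_on_good, r)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The first result is the whole attack: a signer that signs raw integers has no way to know what it signed. The last result is why ordinary signature schemes hash (and pad) the message on the signer's side: once the signer controls what goes into the exponentiation, moving a signature from one message to another needs an e-th root modulo n, which is exactly what RSA assumes you cannot compute.
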
Discussion

Interesting, but I would have thought getting a factor r that converts "I'm very smart" to "I confirm that I'm stupid" would be basically impossible to find.

Is there a shortcut being used (e.g. a weak encryption algorithm) to make this a reality?

Or are they really saying "sign this hash for me" and people are saying "okay!".

Mind you, a mint will sign anything. That's pretty interesting imo.

No idea what this means, but it sounds scary.

I actually am stupid, so I didn't follow that too well. Are you saying you construct two messages (M1 and M2) such that r*M1 and r*M2 both = same thing?

How does one find useful bad messages?