Couldn't find a mention of the size of (e,s), which I think is good because it depends on the size of the hash function (can realistically be from 48 bytes to 160 bytes).
@elichai The point is that under ROM+DL, Schnorr signatures can be proven 128-bit secure with just a 128-bit hash function (however, that model also actually requires a 384-bit group for 128-bit security). See http://www.neven.org/papers/schnorr.html.
sipa changed the title from "bip-schnorr: mention that (e,s) signatures can be 96 bytes" to "bip-schnorr: mention that (e,s) signatures can be 48 bytes" on Oct 15, 2019
Also mention GGM+preimage resistance based proof.
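
The 48-byte (e,s) encoding discussed in this thread, as an added example that is not part of the issue or of bip-schnorr: a toy Schnorr signer and verifier over secp256k1 with a 16-byte challenge e and a 32-byte s. The challenge hash (SHA-256 over R || P || m, truncated to 128 bits), the uncompressed point serialization and all function names are assumptions made here, and the arithmetic is not constant time.

```python
import hashlib, secrets

# secp256k1 domain parameters (the curve bip-schnorr uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
E_LEN = 16  # assumption: challenge is a hash truncated to 128 bits

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustration only)."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def ser(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(R, pub, msg):
    # e = H(R || P || m) truncated to E_LEN bytes (assumed construction)
    return hashlib.sha256(ser(R) + ser(pub) + msg).digest()[:E_LEN]

def sign(d, msg):
    k = secrets.randbelow(N - 1) + 1           # fresh nonce in [1, N-1]
    e = challenge(mul(k, G), mul(d, G), msg)
    s = (k + int.from_bytes(e, "big") * d) % N
    return e + s.to_bytes(32, "big")           # 16 + 32 = 48 bytes

def verify(pub, msg, sig):
    if len(sig) != E_LEN + 32: return False
    e, s = sig[:E_LEN], int.from_bytes(sig[E_LEN:], "big")
    if s >= N: return False
    neg_eP = mul(N - int.from_bytes(e, "big"), pub)  # -e*P
    R = add(mul(s, G), neg_eP)                       # sG - eP recovers kG
    return R is not None and challenge(R, pub, msg) == e
```

The verifier never receives R; it recomputes it from (e,s) and checks the challenge, which is why shortening the hash output shortens the signature.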