Re: [bitcoin-dev] Blinded 2-party Musig2

2023-07-25 Thread Erik Aronesty via bitcoin-dev
posk is "proof of secret key". So you cannot use Wagner to select R

On Mon, Jul 24, 2023 at 1:59 PM AdamISZ via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> @ZmnSCPxj:
>
> yes, Wagner is the attack you were thinking of.
>
> And yeah, to avoid it, you should have the 3rd round o

Re: [bitcoin-dev] Blinded 2-party Musig2

2023-07-25 Thread Tom Trevethan via bitcoin-dev
Thanks for the replies. As I understand it, the v=2 nonces signing protocol of musig2 prevents the Wagner attack. Also, that the challenge value c must be blinded from the server to prevent the server from being able to determine the signature from the on-chain state. In addition, in order to upda

[bitcoin-dev] Concern about "Inscriptions".

2023-07-25 Thread Léo via bitcoin-dev
Hello, I am writing to you today because I am concerned about a significant bug that seems to be overlooked in recent versions of the software. The bug in question concerns the "inscriptions" developed by @rodarmor, and it worries me because, in just a few months, they have already reached a si