Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1X8MPe-0001RQ-CO for bitcoin-development@lists.sourceforge.net; Sat, 19 Jul 2014 04:38:22 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.219.43 as permitted sender) client-ip=209.85.219.43; envelope-from=voisine@gmail.com; helo=mail-oa0-f43.google.com; Received: from mail-oa0-f43.google.com ([209.85.219.43]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1X8MPd-0007bi-JR for bitcoin-development@lists.sourceforge.net; Sat, 19 Jul 2014 04:38:22 +0000 Received: by mail-oa0-f43.google.com with SMTP id i7so4667329oag.30 for ; Fri, 18 Jul 2014 21:38:16 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.60.161.136 with SMTP id xs8mr13150098oeb.42.1405744696118; Fri, 18 Jul 2014 21:38:16 -0700 (PDT) Received: by 10.60.169.109 with HTTP; Fri, 18 Jul 2014 21:38:16 -0700 (PDT) In-Reply-To: References: Date: Fri, 18 Jul 2014 21:38:16 -0700 Message-ID: From: Aaron Voisine To: Gregory Maxwell Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (voisine[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1X8MPd-0007bi-JR Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Small update to BIP 62 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Jul 2014 04:38:22 -0000 Well, you could always create a transaction with a different signature hash, say, by changing something trivial like nLockTime, or changing the order of inputs or outputs. Is that what you're talking about? Or is there some sophistry I'm ignorant of having to do with the elliptic curve math in the signature itself? Aaron Voisine breadwallet.com On Fri, Jul 18, 2014 at 6:28 PM, Gregory Maxwell wrote: > On Fri, Jul 18, 2014 at 3:03 PM, Aaron Voisine wrote: >>> 9. New signatures by the sender >> >> I'm not suggesting it be required, but it would be possible to >> mitigate this one by requiring that all signatures deterministically >> generate k per RFC6979. I'm using this in breadwallet. > > Nope. > > Your homework assignment is to explain why. :)