Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 980D61014 for ; Mon, 22 Jan 2018 15:01:34 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail.sldev.cz (mail.sldev.cz [51.254.7.247]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E1007284 for ; Mon, 22 Jan 2018 15:01:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.sldev.cz (Postfix) with ESMTP id 7F89AEBA0; Mon, 22 Jan 2018 15:27:19 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at mail.sldev.cz Received: from mail.sldev.cz ([127.0.0.1]) by localhost (mail.sl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o9X0rk-1T752; Mon, 22 Jan 2018 15:27:19 +0000 (UTC) Received: from localhost.localdomain (unknown [10.8.8.156]) by mail.sldev.cz (Postfix) with ESMTPSA id 26239EB9F; Mon, 22 Jan 2018 15:27:19 +0000 (UTC) From: =?UTF-8?Q?Ond=c5=99ej_Vejpustek?= To: Gregory Maxwell References: <51280a45-f86b-3191-d55e-f34e880c1da8@satoshilabs.com> <4003eed1-584f-9773-8cf9-6300ebd1eac6@satoshilabs.com> Message-ID: Date: Mon, 22 Jan 2018 16:00:25 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 22 Jan 2018 15:02:19 +0000 Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jan 2018 15:01:34 -0000 > > My post provided a concrete example. I'd be happy to answer any > questions about it, but otherwise I'm not sure how to make it more > clear. My apologies, I didn't read it carefully. You are absolutely right. Our scheme doesn't protect against the scenario. > Quite the opposite-- a large block cipher is a standard > construction I'm happy to hear it. Nevertheless, I didn't find any standartisation or implementation of the CMC mode (excluding the paper). Do you have some experience with other modes (such as HCTR, HEH)?