PKCS1 1.5 is vulnerable for encryption/decryption, but there seems to be disagreement whether it is safe for signatures. It could be replaced by RSA PSS, but the lottery mechanism will need to be rewritten, since we now use the deterministic property of PKCS1 v1.5.
Instead of $$Difficulty \leq Tickets\cdot H(Sig_{sk}(Lottery||seed))$$
perhaps $$Difficulty \leq Tickets\cdot H(Lottery||seed||pk)$$ and along with that a signed $Sig_{sk}(H(Lottery||seed||pk))$ to verify that it is not an adversary who posted the block for another peer.
Or maybe even use ECDSA instead.
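As an added, stand-alone example (not code from this issue or from the project), the following Go program contrasts the two lottery checks discussed above. It assumes H is SHA-256, `Lottery` is a fixed label, `pk` is the DER (PKIX) encoding of the RSA public key, and a constructed seed; key size and all sample values are the example's own choices. It shows that hashing a PKCS#1 v1.5 signature gives the same draw on every signing while hashing an RSA-PSS signature does not (so a signer could produce many different draws for one seed), and that the proposed `H(Lottery||seed||pk)` draw is recomputable by any verifier and is tied to the key holder by the separate signature `Sig_sk(H(Lottery||seed||pk))`.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
)

// Assumptions for this example (not fixed by the issue): H is SHA-256, the
// Lottery value is a fixed label, and pk is the PKIX (DER) encoding of the key.
const lotteryTag = "LOTTERY"

// signedDraw is the current scheme: draw = H(Sig_sk(Lottery||seed)).
// The signature is computed over SHA-256(Lottery||seed). A verifier can only
// reject a re-rolled draw if the signature scheme is deterministic.
func signedDraw(sk *rsa.PrivateKey, seed []byte, usePSS bool) ([]byte, error) {
	msg := sha256.Sum256(append([]byte(lotteryTag), seed...))
	var sig []byte
	var err error
	if usePSS {
		sig, err = rsa.SignPSS(rand.Reader, sk, crypto.SHA256, msg[:], nil) // random salt
	} else {
		sig, err = rsa.SignPKCS1v15(rand.Reader, sk, crypto.SHA256, msg[:]) // deterministic
	}
	if err != nil {
		return nil, err
	}
	draw := sha256.Sum256(sig)
	return draw[:], nil
}

// publicDraw is the proposed scheme: draw = H(Lottery||seed||pk).
// Every input is public, so any peer can recompute it.
func publicDraw(seed []byte, pk *rsa.PublicKey) ([]byte, error) {
	pkBytes, err := x509.MarshalPKIXPublicKey(pk)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte(lotteryTag))
	h.Write(seed)
	h.Write(pkBytes)
	return h.Sum(nil), nil
}

// wins evaluates Difficulty <= Tickets * H(...), reading H as a big-endian integer.
func wins(difficulty *big.Int, tickets int64, draw []byte) bool {
	v := new(big.Int).SetBytes(draw)
	v.Mul(v, big.NewInt(tickets))
	return difficulty.Cmp(v) <= 0
}

// proveDraw produces Sig_sk(H(Lottery||seed||pk)) with RSA-PSS, tying the
// block to the holder of sk without making the draw depend on the signature.
func proveDraw(sk *rsa.PrivateKey, draw []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, sk, crypto.SHA256, draw, nil)
}

// checkDraw recomputes the draw from public data and verifies the signature,
// rejecting a draw posted for another peer's key or for a different seed.
func checkDraw(pk *rsa.PublicKey, seed, draw, sig []byte) bool {
	expected, err := publicDraw(seed, pk)
	if err != nil || !bytes.Equal(expected, draw) {
		return false
	}
	return rsa.VerifyPSS(pk, crypto.SHA256, draw, sig, nil) == nil
}

func main() {
	sk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	seed := []byte("constructed seed for the example")
	a, _ := signedDraw(sk, seed, false)
	b, _ := signedDraw(sk, seed, false)
	fmt.Println("PKCS#1 v1.5 draws equal:", bytes.Equal(a, b)) // true
	c, _ := signedDraw(sk, seed, true)
	d, _ := signedDraw(sk, seed, true)
	fmt.Println("PSS draws equal:", bytes.Equal(c, d)) // false
	draw, _ := publicDraw(seed, &sk.PublicKey)
	sig, _ := proveDraw(sk, draw)
	fmt.Println("public draw verifies:", checkDraw(&sk.PublicKey, seed, draw, sig))
	fmt.Println("wins at difficulty 0:", wins(big.NewInt(0), 1, draw))
}
```

The design point is that the proposed draw removes the signature from the quantity being compared against `Difficulty`, so the randomised signature scheme no longer matters for the lottery, and the signature only has to bind the draw to the key holder.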
On safety of PKCS1-SSA v1.5:
[1] https://datatracker.ietf.org/doc/html/rfc8017
[2] https://eprint.iacr.org/2018/855.pdf