The link in BIP 340 to Schnorr’s 2001 paper “Security of Blind Discrete Log Signatures Against Interactive Attacks” is broken.
This fixes it with an updated link (at the same domain).
The link in BIP 340 to Schnorr’s 2001 paper “Security of Blind Discrete Log Signatures Against Interactive Attacks” is broken.
This fixes it with an updated link (at the same domain).
232@@ -233,7 +233,7 @@ Adaptor signatures, beyond the efficiency and privacy benefits of encoding scrip
233
234 === Blind Signatures ===
235
236-A blind signature protocol is an interactive protocol that enables a signer to sign a message at the behest of another party without learning any information about the signed message or the signature. Schnorr signatures admit a very [https://www.math.uni-frankfurt.de/~dmst/research/papers/schnorr.blind_sigs_attack.2001.pdf simple blind signature scheme] which is however insecure because it's vulnerable to [https://www.iacr.org/archive/crypto2002/24420288/24420288.pdf Wagner's attack]. A known mitigation is to let the signer abort a signing session with a certain probability, and the resulting scheme can be [https://eprint.iacr.org/2019/877 proven secure under non-standard cryptographic assumptions].
237+A blind signature protocol is an interactive protocol that enables a signer to sign a message at the behest of another party without learning any information about the signed message or the signature. Schnorr signatures admit a very [http://publikationen.ub.uni-frankfurt.de/files/4292/schnorr.blind_sigs_attack.2001.pdf simple blind signature scheme] which is however insecure because it's vulnerable to [https://www.iacr.org/archive/crypto2002/24420288/24420288.pdf Wagner's attack]. A known mitigation is to let the signer abort a signing session with a certain probability, and the resulting scheme can be [https://eprint.iacr.org/2019/877 proven secure under non-standard cryptographic assumptions].