I hope that u won't create a "solution" that leaks private key bits. I'm against the changes until I see a formal proof, so u better talk to Jean-Luc.
Well, I understand math behind the change. (Please, spend 5 min, to read original BloodyRookie's post).
The ONLY difference to original sign is that (x-h) is represented correctly.
(and it WON'T leak keys, attacker would STILL need to solve DLP problem in that group:
or in other words, if
s is priv key, what is the difference between
a*s and
a'*s)
I'm going to run NRS with patched Curve from now on.edit: some more explanation here:
https://nextcoin.org/index.php/topic,3915.0.html1. Patch Curve25519 class
2. Patch Crypto class
Option 1, unlike option 2, may lead to problems u can't even imagine. I would patched Crypto...