1. The coordinator can link input-outputs even with the hardcoded key

The client doesn't verify that the unblinded signature is actually a valid RSA signature for the hardcoded public key. The coordinator can still do tagging and link inputs-outputs after output registration.

2.  newNew DoS vector is introduced in the code

If you confirm an input getting a blind sig, and then just time out, you can later use the same unblinded sig in a subsequent session and register an additional output which is a DoS issue.

Related tweets by nothingmuch: https://xcancel.com/not_nothingmuch/status/1937176085461930033

• The coordinator can link input-outputs even with the hardcoded key

1. The coordinator can link input-outputs even with the hardcoded key

The client doesn't verify that the unblinded signature is actually a valid RSA signature for the hardcoded public key. The coordinator can still do tagging and link inputs-outputs after output registration.

• A new DoS vector is introduced in the code

2.  new DoS vector is introduced in the code

If you confirm an input getting a blind sig, and then just time out, you can later use the same unblinded sig in a subsequent session and register an additional output which is a DoS issue.

[/list]

Related tweets by nothingmuch: https://xcancel.com/not_nothingmuch/status/1937176085461930033

• The coordinator can link input-outputs even with the hardcoded key

The client doesn't verify that the unblinded signature is actually a valid RSA signature for the hardcoded public key. The coordinator can still do tagging and link inputs-outputs after output registration.

• A new DoS vector is introduced in the code

If you confirm an input getting a blind sig, and then just time out, you can later use the same unblinded sig in a subsequent session and register an additional output which is a DoS issue.

[/list]

Related tweets by nothingmuch: https://xcancel.com/not_nothingmuch/status/1937176085461930033