str👻d
@str4d.xyz
Cryptography, privacy, zero knowledge, Rust, gaming, hardware hackery, consumer of art. He/him.
str4d.xyz
abyssdomain.expert/@str4d
twitter.com/str4d
age18f63qx4gk8x7p4lfuwwglqcan7snvp406q5vmk26g9fmpe9c799qqzzr3w
9.9k followers · 337 following · 2.2k posts
Signal is deploying ristretto255 as part of their usernames feature! 🔐 They appear to be using a Pedersen hash over the ristretto255 group, along with a Sigma/Schnorr Proof-of-Knowledge of its correctness, to hide usernames from the Signal servers.
Any idea why they use this Pedersen hash nickname*G1 + discriminator*G2 + H(nickname, discriminator)*G3 rather than just H(nickname, discriminator)*G along with a simple Schnorr proof? I can’t think of any properties the former gives over the latter.
For context, the RFC for ristretto255 was finally published a few months back: www.rfc-editor.org/rfc/rfc9496....
But they can presumably bruteforce search them?
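The construction discussed above (a three-generator Pedersen commitment C = nickname*G1 + discriminator*G2 + H(nickname, discriminator)*G3, with a Sigma/Schnorr proof of knowledge of its opening), written out as an added example. This is not Signal's code or the thread author's code, and it does not use ristretto255: to run with the Python standard library alone, the group is swapped for a schoolbook prime-order subgroup of Z_p^*, written multiplicatively (a*G becomes pow(G, a, P)); the commitment and proof algebra are identical in any prime-order group. Everything else is an assumption for the demo: the subgroup order q (reused from the Curve25519 field prime only because it is a well-known 255-bit prime), the derivation of G1, G2, G3 by hashing labels (the role ristretto255's hash-to-group plays), and the encoding of the nickname as a scalar. The proof shows knowledge of the scalars (n, d, h) opening C; it does not, by itself, prove that h equals H(n, d). The last function illustrates the brute-force question raised in the thread: because the commitment as written is a deterministic function of the username, anyone holding C can test guesses against it.

```python
"""Pedersen 'hash' of a username + Sigma proof of knowledge of its opening.

Added example, not Signal's code.  ristretto255 is replaced by a toy
prime-order subgroup of Z_P^* (multiplicative notation) so this runs offline.
"""
import hashlib
import secrets

Q = 2**255 - 19   # subgroup order: a well-known prime, NOT the ristretto255 order


def is_probable_prime(n):
    """Miller-Rabin with fixed small bases; fine for a demo's parameter search."""
    small = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    if n < 2:
        return False
    for sp in small:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_modulus(q):
    """Deterministically find the smallest even k with P = k*q + 1 prime."""
    k = 2
    while not is_probable_prime(k * q + 1):
        k += 2
    return k * q + 1, k


P, K = find_modulus(Q)


def hash_to_group(label):
    """Nothing-up-my-sleeve generator: hash a label, raise to the cofactor K so
    the result lands in the order-Q subgroup (stand-in for ristretto hash-to-group)."""
    h = int.from_bytes(hashlib.sha512(b"pedersen-gen|" + label).digest(), "big") % P
    g = pow(h, K, P)
    assert g != 1
    return g


G1, G2, G3 = (hash_to_group(b"nickname"), hash_to_group(b"discriminator"),
              hash_to_group(b"hash"))


def scalar_from_bytes(*parts):
    return int.from_bytes(hashlib.sha512(b"|".join(parts)).digest(), "big") % Q


def encode_username(nickname, discriminator):
    """Scalars (n, d, h) for the commitment; the nickname encoding is an assumption."""
    n = int.from_bytes(nickname.encode(), "big") % Q
    h = scalar_from_bytes(b"username-hash", nickname.encode(), str(discriminator).encode())
    return n, discriminator % Q, h


def commit(n, d, h):
    """C = n*G1 + d*G2 + h*G3, i.e. G1^n * G2^d * G3^h mod P."""
    return pow(G1, n, P) * pow(G2, d, P) * pow(G3, h, P) % P


def challenge(C, R):
    """Fiat-Shamir challenge bound to the generators, the statement C and the nonce commitment R."""
    return scalar_from_bytes(b"pok-challenge", *[x.to_bytes(40, "big") for x in (G1, G2, G3, C, R)])


def prove(n, d, h, C):
    """Sigma proof of knowledge of (n, d, h) with C = commit(n, d, h). Nonces are fresh and secret."""
    r1, r2, r3 = (secrets.randbelow(Q) for _ in range(3))
    R = commit(r1, r2, r3)
    c = challenge(C, R)
    return R, ((r1 + c * n) % Q, (r2 + c * d) % Q, (r3 + c * h) % Q)


def verify(C, proof):
    """Check s1*G1 + s2*G2 + s3*G3 == R + c*C (multiplicatively: G1^s1 G2^s2 G3^s3 == R * C^c)."""
    R, (s1, s2, s3) = proof
    c = challenge(C, R)
    return commit(s1, s2, s3) == R * pow(C, c, P) % P


def brute_force_match(C, candidates):
    """C is a deterministic function of the username, so guesses can be tested against it."""
    for nick, disc in candidates:
        if commit(*encode_username(nick, disc)) == C:
            return nick, disc
    return None


if __name__ == "__main__":
    n, d, h = encode_username("str4d", 42)        # constructed sample username
    C = commit(n, d, h)
    proof = prove(n, d, h, C)
    print("proof verifies:", verify(C, proof))
    print("guessed:", brute_force_match(C, [("alice", 7), ("str4d", 42)]))
```

A verifier learns from the proof only that the prover knows some scalars opening C; whether h was really computed as H(nickname, discriminator) is a separate statement that this Sigma protocol does not cover. The brute-force helper is the flip side of the same construction: with no random blinding scalar, the commitment hides a username exactly to the extent that the username cannot be guessed.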