You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Have you maybe considered using a hash of the URL for e, the RSA public exponent?
Like, if we want to sign the equivalent of "this blinded nonce touched me, on the way to URL" we could do:
e = 1 | hash(URL) | 1 # we concatenate a 1 bit at the start to make sure all exponents are of equal length, and at the end to make sure the exponent is odd
d = e^-1 % phi(N)
signature = (nonce^d % N, URL)
Obviously I don't have a security proof, but it "seems" secure, right? Hope this helps :-)
The text was updated successfully, but these errors were encountered:
Have you maybe considered using a hash of the URL for e, the RSA public exponent?
Like, if we want to sign the equivalent of "this blinded nonce touched me, on the way to URL" we could do:
e = 1 | hash(URL) | 1 # we concatenate a 1 bit at the start to make sure all exponents are of equal length, and at the end to make sure the exponent is odd
d = e^-1 % phi(N)
signature = (nonce^d % N, URL)
Obviously I don't have a security proof, but it "seems" secure, right? Hope this helps :-)
The text was updated successfully, but these errors were encountered: