The microblog: 2016.07.09 21:04:43

2016.07.09 21:04:43 (751854615646396416) from Daniel J. Bernstein, replying to "Trevor Perrin (@trevp__)" (751774169012924419):

Happy to hear that the key isn't attached to the ciphertext. The paper still sounds wrong to me; should clarify. @trevp__ @sweis @alexstamos


2016.07.09 01:47:06 (751563292548620289) from "Steve Weis (@sweis)":

Do you mean the franking? That's the MAC of a user-encrypted ciphertext.

2016.07.09 12:25:37 (751723978386014208) from Daniel J. Bernstein, replying to "Steve Weis (@sweis)" (751563292548620289):

If it's ciphertext then how can it be reported? Sounds like they want a commitment to the plaintext M: e.g. SHA-256(R,M). @sweis @alexstamos

2016.07.09 15:45:03 (751774169012924419) from "Trevor Perrin (@trevp__)":

That's what this is (commitment with R = Nf). Whitepaper is clear on this.