Implement Schnorr signatures in G1 for the proof of knowledge

Question

Implement Schnorr signatures in G1 for the proof of knowledge

Closed this issue 5 years ago · 0 comments

The BLS proof of possession isn't actually a ZKPoK -- you can't rewind to extract the exponent -- so it's not enough to make the security proof work. A Schnorr signature should be used instead