When you double your public key in the first 3 minutes aren’t you still giving away half you private key every time you sign? I can’t see why extending the public key to 32 bytes would allow for 1 more use.
I came to the same conclusion and I'm very confused. If I reveal part of the private key, anyone can forge thart part of the signature for any message.
you are simply adding 16 bits so you can add 1 more variable which you use to denote what TYPE of key the next 16 bits are describing. Kind of like taking 1 glass, and adding a multiplier by color.
I think it's because you have the 0 row and the 1 row. You've got these 2 rows by concatenating the original 16 kB private key with 0/1. Now we can use the values from the private keys, let's say privKey_1 [ 0 ] = alpha. now you can have a pubKey_alpha where the values of this key are generated by hashing alpha with the respective indexes. so pubKey_alpha [0] = hash (alpha, 0). I might be wrong. but this is sort of an understanding that I have. Now if you need to verify, you could just add bits to the signature which declares which index and which row of the private key were used so that I can refer to that publicKey in my available directory.
i dont understand why signature for a 32 byte would have an 8K byte signature? i think whats not clear to me, is that if u use 32 byte secretkey. we should actually have a 16 byte signature. but if my public key is 16kb. during verification, why would my signature size increase? when im literally just comparing each block of public key selected(depending on the hash of my message whether its 0 or 1, i would eventually get a 8 kb temp "object"). now just use the hash with index on signature right?
I'm not getting most of the stuff, but I'm trying to assimilate atleast a bit. I have forgotten most stuff cos I was studying biology, brain and stuff.
Such a great initiative by MIT to spread all this knowledge for free around the globe. Bless you guys!
I feel like I'm watching Dora the explorer whenever I yell out the answer to the screen, great content, thank you!
On the elliptic curves, G is called the Generator Point because the repeated addition of G to itself generate all the numbers in the cyclic group.
Generate all the 'points' not numbers, right?
@@nomad7935
Correct. I thought of numbers because in bitcoin we almost always discard the y coordinate.
Oh group theory. how I miss you.
Tadge is awesome.
He is super awesome, kinda the person I wanna be if I ever give a lecture!
With RSA ... one needs to mind one's Ps and Qs,
When you double your public key in the first 3 minutes aren’t you still giving away half you private key every time you sign?
I can’t see why extending the public key to 32 bytes would allow for 1 more use.
Basically I’m asking the same question the student was asking around seven minutes.
I came to the same conclusion and I'm very confused. If I reveal part of the private key, anyone can forge thart part of the signature for any message.
you are simply adding 16 bits so you can add 1 more variable which you use to denote what TYPE of key the next 16 bits are describing. Kind of like taking 1 glass, and adding a multiplier by color.
I couldn't find the signatures.go file that's reqd for the assignment. Can someone help?
In the first 3 minutes, both private key and public key sizes are doubled.
Where can i find the presentation for lecture 3? Because on the website it poitns me to lecture 4.
Anyway great series,
Thanks for the note! We will check into it.
@@mitocw Thanks let me know :D
Edit: I found them
github.com/mit-dci/mas.s62/blob/master/slides/lec03-tadge.pdf
@@mitocw Yes, Lectures 3 and 4 got the same set of slides at OCW site.
How is it at 12:00 that we have a 32-byte private key?
I think it's because you have the 0 row and the 1 row. You've got these 2 rows by concatenating the original 16 kB private key with 0/1.
Now we can use the values from the private keys, let's say privKey_1 [ 0 ] = alpha.
now you can have a pubKey_alpha where the values of this key are generated by hashing alpha with the respective indexes. so pubKey_alpha [0] = hash (alpha, 0).
I might be wrong. but this is sort of an understanding that I have. Now if you need to verify, you could just add bits to the signature which declares which index and which row of the private key were used so that I can refer to that publicKey in my available directory.
i dont understand why signature for a 32 byte would have an 8K byte signature?
i think whats not clear to me, is that if u use 32 byte secretkey. we should actually have a 16 byte signature. but if my public key is 16kb. during verification, why would my signature size increase? when im literally just comparing each block of public key selected(depending on the hash of my message whether its 0 or 1, i would eventually get a 8 kb temp "object"). now just use the hash with index on signature right?
Thank you MIT
35:00 the slide is wrong, it should read P+Q=R
I'm not getting most of the stuff, but I'm trying to assimilate atleast a bit.
I'm not getting most of the stuff, but I'm trying to assimilate atleast a bit. I have forgotten most stuff cos I was studying biology, brain and stuff.
where can i find pset01?? the assignment?
The course materials are on MIT OpenCourseWare at: ocw.mit.edu/MAS-S62S18. Best wishes on your studies!
13:01