Why are you guys spamming the SDC thread and Slack?
I don't see any spamming in the thread... I posted the 'fix' to SDC's anonymity bug because it concerns SDC, does it not?
What I posted is very relevant to SDC. It's not like I was talking about rainbows and butterflies.
SDC looks to be converging on a reasonable fix, but not a recommended one.
Originally, they took the scalar hash then multiplied it by the private key and then used it for the scalar multiple of the group generator (two different types of "multiply" here but I didn't invent this convention). Math looks like:
I = H(K_i)xG
That was the very wrong way.
Now they take an arbitrary point on the curve by hashing the time stamp, trying to map it to a point, then using that point as a generator. This takes advantage of the fact that all curve points on a prime field can be full generators. The new generator is G*
I = H(K_i)xG*
There is a relationship between G and G*, namely one is a multiple of the other:
G = aG*
But in this case G* is "unknown log", so G is protected by discrete log hardness.
In general, however, it is not good to try to use a generator to hash scalars to a curve. They already learned this lesson once.
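
The relationship described in the post above, as an added example (not code from the post or from SDC). It assumes the formula reads I = H(K_i)·x·G with x the private key and K_i = x·G, as the prose describes, and swaps the curve for a constructed toy prime-order group; all function names and the time stamp string are hypothetical.

```python
import hashlib

# Constructed toy group, far too small for real use: P = 2Q + 1 and G
# generates the order-Q subgroup of Z_P^*. The post's scalar multiple
# "k x G" is written pow(G, k, P) here.
P, Q, G = 2039, 1019, 4

def _h(data: str) -> int:
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")

def scalar_hash(pub: int) -> int:
    """H(K): hash a public key to a nonzero scalar mod Q."""
    return _h(f"key:{pub}") % (Q - 1) + 1

def public_key(x: int) -> int:
    return pow(G, x, P)

def second_generator(timestamp: str) -> int:
    """G*: hash the time stamp into the subgroup, retrying degenerate hits."""
    ctr = 0
    while True:
        # Squaring lands in the order-Q subgroup (toy stand-in for hash-to-point).
        g_star = pow(_h(f"{timestamp}:{ctr}") % P, 2, P)
        if g_star not in (0, 1, G):
            return g_star
        ctr += 1

def key_image(x: int, base: int) -> int:
    """I = H(K) * x * base, with K = x * G; needs the private key x."""
    return pow(base, scalar_hash(public_key(x)) * x % Q, P)

def image_from_public_key(pub: int) -> int:
    """What any observer can compute without x: H(K) * K."""
    return pow(pub, scalar_hash(pub), P)

def find_log(g_star: int) -> int:
    """Brute-force a with G = a * G*; feasible only because the group is tiny."""
    return next(a for a in range(1, Q) if pow(g_star, a, P) == G)

def linked_given_log(pub: int, image: int, a: int) -> bool:
    """If a were known, a * I == H(K) * K ties the image back to K."""
    return pow(image, a, P) == image_from_public_key(pub)

if __name__ == "__main__":
    x = 777  # constructed private key
    K, gs = public_key(x), second_generator("constructed-timestamp-0")
    print("old image == H(K)*K:", key_image(x, G) == image_from_public_key(K))
    print("new image == H(K)*K:", key_image(x, gs) == image_from_public_key(K))
    print("linkable if a known:", linked_given_log(K, key_image(x, gs), find_log(gs)))
```

With base G the image is recomputable from the public key alone; with G* it is not, unless the multiple a is known, which is why G* has to be an "unknown log" point.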