hey guys - I submitted a hackerone report about this some time ago - and as I'm researching a bit more I thought it best to open it for discussion (not looking for a bounty or anything)

In my independent work, I found that using a hex-encoded value of zero to seed privkey generation, generates a private key = rct::identity

after learning some more about algebraic group models (multiplicative).. I'm curious if anyone else sees an issue with a private key = rct::identity... if its not a problem (anonimal gave me a "thanks" on H1, moneromoooo said it was not a vuln but wrote a soft-check into codebase to prevent users from doing this)

can anyone explain why it is not an issue? or weigh in on possible problems with allowing keys = identity?

If anyone sees an issue with 0, they'll see an issue with 1. And if with 1, then 2, etc.

I

Sorry, not saying there is an issue. I am just curious as to others' thoughts on this.

I don't have anything indicating it may mess with the math. Is a key = 1 the same as a point at infinity? I get the feeling I am conflating things there

We didn't discuss a whole lot - and a soft-disallow seemed fine to me. I am more interested in what issues it could present, or why it doesn't. I am not a group theory mathematician but am seeking to understand things

I don't know that 0, or 2, are issues. But 1 seems a unique case to me

on a non-tech/math note - is anonimal still around?

Not that I know of.

good to see you still around btw!

it has been a few years :)

logging off, but will monitor logs for discussion. thanks folks