Re: [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() ExpressionsHEAD master

author: 'Ava Chow' via Bitcoin Development Mailing List <bitcoindev@googlegroups.com> 2025-06-03 21:38:20 +0000
committer: bitcoindev <bitcoindev@googlegroups.com> 2025-06-03 14:40:55 -0700
commit: 13f6dcf14da550a70497dc5c2c207476e47f0196 (patch)
tree: 88b95e1e2ed4816b80b0804c1c82297de39be71f
parent: ac5738b1efa9d5f40dd76af50b0dd9855cd88a00 (diff)
download: pi-bitcoindev-master.tar.gz
pi-bitcoindev-master.zip
1 files changed, 216 insertions, 0 deletions
diff --git a/0f/731711c582ef1fe501984099348e672c71ecd5 b/0f/731711c582ef1fe501984099348e672c71ecd5
new file mode 100644
index 000000000..4a8ceba49
--- /dev/null
+++ b/0f/731711c582ef1fe501984099348e672c71ecd5
@@ -0,0 +1,216 @@
+Delivery-date: Tue, 03 Jun 2025 14:40:55 -0700
+Received: from mail-oa1-f56.google.com ([209.85.160.56])
+	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+	(Exim 4.94.2)
+	(envelope-from <bitcoindev+bncBAABBXOX7XAQMGQEZ3XJF3Y@googlegroups.com>)
+	id 1uMZNP-0001mj-1g
+	for bitcoindev@gnusha.org; Tue, 03 Jun 2025 14:40:55 -0700
+Received: by mail-oa1-f56.google.com with SMTP id 586e51a60fabf-2e901debe9fsf2036391fac.1
+        for <bitcoindev@gnusha.org>; Tue, 03 Jun 2025 14:40:54 -0700 (PDT)
+ARC-Seal: i=2; a=rsa-sha256; t=1748986849; cv=pass;
+        d=google.com; s=arc-20240605;
+        b=iu2gP10tg8sda5UWjvH1wVa4P4Iqekt6fwZttLd2VTA0wpVzuSttf0uq+vRZ7CBlje
+         dvG3TGMudSE+U6VMmMKP+qe5MeWitrSPd7LyqR5nyUvvVMLIcbzGthFRB8ZotqcnpJuD
+         nKMLu1mvZafRVYxXNht/3uirKjSCqo3GLD/7f5qMdGGBozuTMsOvDjpJa9bTxIyqh/F3
+         Rb3r1CxGoDkcoN/OERyFgtMCiq6ef+gicBOrFgaocCFqcKZXGUKjdNb+z5ENrApybYn4
+         1pyBPyk4/EW1jo2MqA52QbTU8vyiq0ELQHj22dDP0BQgp+sO+6AYpOdBrb07dQSoLiEl
+         dNwQ==
+ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
+        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
+         :list-id:mailing-list:precedence:reply-to:content-transfer-encoding
+         :mime-version:feedback-id:references:in-reply-to:message-id:subject
+         :cc:from:to:date:dkim-signature;
+        bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=;
+        fh=BEcRhtwrlVhf5+OhI7SU6Lc4EE5gL1tiGtvuKAYLTf0=;
+        b=OJSM7Iqr1XFhQTDo9GU6ngyjW3dpcOJlj9F96VpZdBLtBTS9BpU5r3jaLiQjb4wnOj
+         jMR+SEOgkzeU1v00QVZUWjkyBku+Pa7ZOujnJ8/EbHAuoWTJrfbKG5IhfdW3MZBn8224
+         y5SAAdadb+KmTVREVQauRPFwvQdT9jtzsAJYbUuOFIjUOIeG6VsAjIabaA+oxpI1gD/i
+         iJ9lPPQ9+z/+rzxgsyVkrPZAOt6M+3G2SXvc9oHMlILaI1gr9QL9M1vtIOoC3d6FDJir
+         RQa5Bga0pO3sIwNMUBE46L6Pj6TUlcMTzLB6jpW1oXZHI4IuH55uZ+IXHkPk2bcf80Lk
+         7owQ==;
+        darn=gnusha.org
+ARC-Authentication-Results: i=2; gmr-mx.google.com;
+       dkim=pass header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX;
+       spf=pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) smtp.mailfrom=lists@achow101.com;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+        d=googlegroups.com; s=20230601; t=1748986849; x=1749591649; darn=gnusha.org;
+        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
+         :list-id:mailing-list:precedence:reply-to
+         :x-original-authentication-results:x-original-sender
+         :content-transfer-encoding:mime-version:feedback-id:references
+         :in-reply-to:message-id:subject:cc:from:to:date:from:to:cc:subject
+         :date:message-id:reply-to;
+        bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=;
+        b=VcHE/1A82CIwCHORoblg4O470yEmqwb7SPcuBTrM8VTer8EFCaM+9a1MoO7Ie31cHq
+         PO2k/+LI6N8IeN2ESUEoy26tvkNtljEuRj4PDBZLPINtFysfKwdDjyAcy6flhmvSrMbh
+         bcRTAvuGtBR+1GpIOi4ICh7gRwUxwqaENUkqcegAISe0vKrpbJt9kTHu6pLejg/eYW5O
+         MzfBCHqPzTJuDC+f2pnKP1i/N9csqRY8EScWIdU2rEomYLRh43JmQ5CT7IonXT5DOsng
+         gCObdOWJUGzIj36r8yOQZpizjloJqxpPW4NaV0uGFkLHy2xKtxOSDCu1uhi01bP6OWAl
+         UIlQ==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+        d=1e100.net; s=20230601; t=1748986849; x=1749591649;
+        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
+         :list-id:mailing-list:precedence:reply-to
+         :x-original-authentication-results:x-original-sender
+         :content-transfer-encoding:mime-version:feedback-id:references
+         :in-reply-to:message-id:subject:cc:from:to:date:x-beenthere
+         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
+        bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=;
+        b=GwMFCI485Dgt3ZgKDHV6Ua0KyR9nm5FJlCqxJyieOw1JO5rRFIWTx/uRk4YAggdNBV
+         +jBCQf/b4hxT+oRtjsXFtAseMRpkrUgq7b9nSEnq7dbxvKhIlsX6iLnAew080/MU9hsx
+         /7avsYsJqz+8h5jJLY4HYLYvo/gnHCmCPGhR5oFRrnjfolXZFdKdbmQmcF5XqGzxXMBk
+         nWVyLxgKzx1YpUR7Fg9GtEKgXZkynrC3ZtG7yaIkdzQKxM56/qFVrfPldOlfJU4pPyCd
+         jUcfgmG7FYmTcE3h2W3HGSM7qmld257gU9iGV6Rt5p4EGhWS+4N9SCnPV6qTkOLHqbgA
+         YbyQ==
+X-Forwarded-Encrypted: i=2; AJvYcCVsGkN3+FxPLNxpXArW0z2pCj+F30VyJhEo8GB+LQCB/g9vdNCYBrIaSBIdJdfEBzT6FloNAhY/vp1u@gnusha.org
+X-Gm-Message-State: AOJu0YwXrF85ajbyTG+jWYuiOgfFkM2cwhuye9xq0fetAM7OpkRG06N0
+	RXF+I3sRAUTksYjDn5uxDnCt5hI2+YUoEmr5ZaRaBagCbnGYGd+US8uA
+X-Google-Smtp-Source: AGHT+IHZtvfk13julkNJ7SjEYYqkBxkusnYxG4WGCaA/hMKZ4bat9FRSRkSdy084xYvBZzpGcPv0AA==
+X-Received: by 2002:a05:6870:7a0e:b0:2c2:542b:bce4 with SMTP id 586e51a60fabf-2e9bf15af97mr288751fac.8.1748986849013;
+        Tue, 03 Jun 2025 14:40:49 -0700 (PDT)
+X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZf6BFQELWEGU5xtpuCWO78ToHopjrmtcWjo76e6jWTgjQ==
+Received: by 2002:a05:6870:1157:b0:2e8:f768:9183 with SMTP id
+ 586e51a60fabf-2e8fe4ae3e0ls2121418fac.0.-pod-prod-02-us; Tue, 03 Jun 2025
+ 14:40:45 -0700 (PDT)
+X-Received: by 2002:a05:6808:3306:b0:3fe:b1fd:527f with SMTP id 5614622812f47-408f0e9fda7mr522355b6e.1.1748986845540;
+        Tue, 03 Jun 2025 14:40:45 -0700 (PDT)
+Received: by 2002:a05:600c:4930:b0:442:dc76:9493 with SMTP id 5b1f17b1804b1-451ee59ec23ms5e9;
+        Tue, 3 Jun 2025 14:38:28 -0700 (PDT)
+X-Received: by 2002:a05:600c:a49:b0:442:f482:c429 with SMTP id 5b1f17b1804b1-451f0a72994mr1959015e9.8.1748986706900;
+        Tue, 03 Jun 2025 14:38:26 -0700 (PDT)
+ARC-Seal: i=1; a=rsa-sha256; t=1748986706; cv=none;
+        d=google.com; s=arc-20240605;
+        b=U2umfh6Rw9K0LpVHDrjuf4DJdQSh0TVfuXU3w3AQbRyCFtf5vwx6AtOIycPb8OW7x4
+         acGDgHihg4txiMGFoV+v1ymxSEw1PsDQO2x+uyj7IER0c8Q5ip8gy9pLhm39/r1wZhwj
+         vMrG0mpghBh0bdUR35zbb3LiB6Om+8Ma539zKakJlhNm368iBqDQ+XgjECmpPiFHXlZ7
+         P1FOlHM1zzW8C3uhfGT+XYjgx2/KTCFcC/C5QsgdcumQfaELyCFkQd2NzJ3WoIYMcA8W
+         GB1F8zIhnOjyxvdLOB3jHzeJKJDVxw3b/cicDClJg/jOs2t+GsrrimZyaYhqf5Q+31+N
+         vD1g==
+ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
+        h=content-transfer-encoding:mime-version:feedback-id:references
+         :in-reply-to:message-id:subject:cc:from:to:date:dkim-signature;
+        bh=rbV33oDIzu+XaoFBoBTi7j8m4Ue+0resVeSgqNNokNg=;
+        fh=Zedq5pd0qyqVsmfgG+8/Y9cUOZXbXVTvFM2iZX29U/g=;
+        b=k0jAne4aIGYcQXW7MpAn448RaRAtKbxlAfOFJ021Ns404A44mdi5i5EnkvPmZKcvqn
+         hnIICAmqXbs2W6FKgP42MtmlZ88NaCnrXmPbxPc98HCECxs7tV5bLMoZaiQZIUenrzG+
+         gTB/TT40S6PstOepNltRVhyUQGyxU5p4+qPG7C7ScGWUEuIujwqpQsPlga53RvH/LN3i
+         /0emv19J8sYgs3kfAMttTnxdoYH77e4hRfYgthu1HKxjXbrxKXDGVtWN2NIE8aPRHpTK
+         5lbsAU+hoX5XxSDjrHcPM4SVRKI2+VcdHq0YIxfuki2FyvNGoL07FF3mJG2oQ532iB2F
+         3xBw==;
+        dara=google.com
+ARC-Authentication-Results: i=1; gmr-mx.google.com;
+       dkim=pass header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX;
+       spf=pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) smtp.mailfrom=lists@achow101.com;
+       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
+Received: from mail-10624.protonmail.ch (mail-10624.protonmail.ch. [79.135.106.24])
+        by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-451e505b5fdsi574105e9.0.2025.06.03.14.38.26
+        for <bitcoindev@googlegroups.com>
+        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
+        Tue, 03 Jun 2025 14:38:26 -0700 (PDT)
+Received-SPF: pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) client-ip=79.135.106.24;
+Date: Tue, 03 Jun 2025 21:38:20 +0000
+To: Nagaev Boris <bnagaev@gmail.com>
+From: "'Ava Chow' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
+Cc: bitcoindev@googlegroups.com
+Subject: Re: [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() Expressions
+Message-ID: <9a25e808-1821-404c-bd47-f0ab78bca936@achow101.com>
+In-Reply-To: <CAFC_Vt5z+B+F=QOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw@mail.gmail.com>
+References: <08dbeffd-64ec-4ade-b297-6d2cbeb5401c@achow101.com> <CAFC_Vt5z+B+F=QOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw@mail.gmail.com>
+Feedback-ID: 53660394:user:proton
+X-Pm-Message-ID: f03511f6051c2c219c14bf69c6c35114bcb9efe9
+MIME-Version: 1.0
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: quoted-printable
+X-Original-Sender: lists@achow101.com
+X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
+ header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX;       spf=pass
+ (google.com: domain of lists@achow101.com designates 79.135.106.24 as
+ permitted sender) smtp.mailfrom=lists@achow101.com;       dmarc=pass
+ (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
+X-Original-From: Ava Chow <lists@achow101.com>
+Reply-To: Ava Chow <lists@achow101.com>
+Precedence: list
+Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
+List-ID: <bitcoindev.googlegroups.com>
+X-Google-Group-Id: 786775582512
+List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
+List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
+List-Archive: <https://groups.google.com/group/bitcoindev
+List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
+List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
+ <https://groups.google.com/group/bitcoindev/subscribe>
+X-Spam-Score: -1.0 (-)
+
+Hi Boris,
+
+BIP 327 explicitly allows for duplicate participant pubkeys, so as long=20
+as all signing procedures follow the BIP, everything will be fine. Also,=20
+BIP 327 explicitly warns against deterministic nonces for reasons=20
+unrelated to duplicate pubkeys.
+
+Although, allowing duplicates does bring up an additional issue with the=20
+MuSig2 PSBT fields as these inherently do not allow duplicate pubkeys.
+
+Ava
+
+On 06/03/2025 02:26 PM, Nagaev Boris wrote:
+> Hi Ava,
+>
+> Is it safe to allow multiple participants to have the same public key?
+> If deterministic nonce generation is used (deriving each participant's
+> nonce from the message, the set of public keys, and the participant's
+> private key), duplicate public keys would lead to identical nonces.
+>
+> While this may not be catastrophic (since they are signing the same
+> message and the private key likely can't be extracted) it still seems
+> risky. Identical nonces can have unexpected consequences, and I'm not
+> sure if all security assumptions would still hold.
+>
+> Curious what you think.
+>
+> Best,
+> Boris
+>
+> On Tue, Jun 3, 2025 at 6:08=E2=80=AFPM 'Ava Chow' via Bitcoin Development
+> Mailing List <bitcoindev@googlegroups.com> wrote:
+>> Hi All,
+>>
+>> In implementing musig() descriptor expressions, I realized that the
+>> restriction "Repeated participant public keys are not allowed" is a bit
+>> complicated to implement. While I don't see why anyone would want to
+>> duplicate keys, MuSig2 does allow duplicate participant keys and
+>> allowing them would make the implementation of musig() expressions much
+>> easier. Thus I'd like to propose changing the BIP to remove this
+>> restriction.
+>>
+>> Has anyone implemented musig() expressions yet with this restriction,
+>> and would removing it be a significant breaking change to anyone? If
+>> not, I'll make the change to the BIP in a few days.
+>>
+>> Thanks,
+>>
+>> Ava
+>>
+>>
+>> --
+>> You received this message because you are subscribed to the Google Group=
+s "Bitcoin Development Mailing List" group.
+>> To unsubscribe from this group and stop receiving emails from it, send a=
+n email to bitcoindev+unsubscribe@googlegroups.com.
+>> To view this discussion visit https://groups.google.com/d/msgid/bitcoind=
+ev/08dbeffd-64ec-4ade-b297-6d2cbeb5401c%40achow101.com.
+>
+>
+> --
+> Best regards,
+> Boris Nagaev
+
+--=20
+You received this message because you are subscribed to the Google Groups "=
+Bitcoin Development Mailing List" group.
+To unsubscribe from this group and stop receiving emails from it, send an e=
+mail to bitcoindev+unsubscribe@googlegroups.com.
+To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
+9a25e808-1821-404c-bd47-f0ab78bca936%40achow101.com.
+
author	'Ava Chow' via Bitcoin Development Mailing List <bitcoindev@googlegroups.com>	2025-06-03 21:38:20 +0000
committer	bitcoindev <bitcoindev@googlegroups.com>	2025-06-03 14:40:55 -0700
commit	13f6dcf14da550a70497dc5c2c207476e47f0196 (patch)
tree	88b95e1e2ed4816b80b0804c1c82297de39be71f
parent	ac5738b1efa9d5f40dd76af50b0dd9855cd88a00 (diff)
download	pi-bitcoindev-master.tar.gz pi-bitcoindev-master.zip