author Erik Aronesty <erik@q32.com> 2018-07-20 13:34:29 -0400
committer bitcoindev <bitcoindev@gnusha.org> 2018-07-20 17:34:32 +0000
commit 9364a63909af01c0b93f12694417b4c288d5aba6
tree 6256351e6b5e3a34a912577bb6ffd6fd0d955fa5 /5c
parent a8753eaa374d4bc95e22cf001eae9d0990a75045
Re: [bitcoin-dev] Multiparty signatures
Diffstat (limited to '5c')
-rw-r--r-- 5c/e85cc10a2d6279203b02e94c89e620f022582f 198
1 files changed, 198 insertions, 0 deletions
diff --git a/5c/e85cc10a2d6279203b02e94c89e620f022582f b/5c/e85cc10a2d6279203b02e94c89e620f022582f
new file mode 100644
index 000000000..a7d3ae310
--- /dev/null
+++ b/5c/e85cc10a2d6279203b02e94c89e620f022582f
@@ -0,0 +1,198 @@
+Return-Path: <earonesty@gmail.com>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id DCB38C77
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Fri, 20 Jul 2018 17:34:32 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-wm0-f54.google.com (mail-wm0-f54.google.com [74.125.82.54])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B3D85755
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Fri, 20 Jul 2018 17:34:31 +0000 (UTC)
+Received: by mail-wm0-f54.google.com with SMTP id o11-v6so10160613wmh.2
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Fri, 20 Jul 2018 10:34:31 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
+ h=mime-version:sender:in-reply-to:references:from:date:message-id
+ :subject:cc; bh=tEjmQKMhB5d0vgFbIa5jABj3LlHCWF1Ad16sua/Ly0w=;
+ b=u1WAegjZvMyI8SwzKeFcrKsFioN7zV93SNEVW/S9kfUoVPsNkqvxbFOv1517UcrT51
+ fWwp8HK36NhVTWEl4v01H2nwJFe3AQk/z8hr+qSCLBj9p38IODaXminRGVUmqCqVQA28
+ LzCJ+ihF0ooXh7S/BauJYSHt/mo+X/nh3FiZLz8yNmzdB+ISEpthVrLlBlFKNMXzHy4G
+ Ey7LxNg6pn4VrykeanElw5kjz1OVuBeD9LL0q2W9UUxUVKRX4zdTXeEr2SIteRb5y9sm
+ yy8RzhiyIj+pPZDBRn/uWX3bmQitaUrmVR6nZbyfnGLxU3Uu6Gxt9egiQmSjS1zqaS7A
+ CF4A==
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=q32-com.20150623.gappssmtp.com; s=20150623;
+ h=mime-version:sender:in-reply-to:references:from:date:message-id
+ :subject:cc; bh=tEjmQKMhB5d0vgFbIa5jABj3LlHCWF1Ad16sua/Ly0w=;
+ b=lyRKX11HuxVctyT2j74cBa8VZwMu6zMAcjRQRR62+ORDzrXAhmlmk2kkvcO+YtFvjf
+ mqnZYn4rlNiFURgkVl5YeSP/x0fqG9rQ0qtEHPly11EtOP7RfBsWyfiBI8cmIOUZrfPr
+ Kd2kvOX7CsBV/pML5h31rb1/bOnFAmTxBklJvfEy4nGQLweVaj7I/i4eYY67aJYaEMxk
+ qsiUEGmKJUF/aqzTpyFopYqpXI390LQmevwR9hd+Tcks5J4lMJuL5H+YdM5hGRG+XOFI
+ 5mGj8hT5mKSg5MC4GTNSAe9RZ9z8CGswDuMUl5aujdBELL9RzQxbR3Sp/sGQVZlxilyO
+ d6lg==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20161025;
+ h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
+ :date:message-id:subject:cc;
+ bh=tEjmQKMhB5d0vgFbIa5jABj3LlHCWF1Ad16sua/Ly0w=;
+ b=felHoePd+iOUdFZxysG1bjq6Wgk2xJ/Eno7elwlW54Ezj9m5vW9TA4pXwouFLTFEv/
+ SBDBwq4lFaernEEb5T+BI4E9inAJCM4M7uWr5il1cMIBRq8nUXiZnqqUbtCwlLScHGH8
+ 1Kb1hS71q/oGe0YCZaQU4fy6V7l7RBOs63mewPTuIj0jmdBUhkxxqtP9CludytT2uPX7
+ he5fOH4uNRNFK2DxhwSLH5iU4WNQPjSx13f9VM+DQzDRcnR97e0XtqyMH8eppdx7COD1
+ n1m8Z4u6g6ffRy0pvy3D5hwfQT3hcCcDPIVPwvl4ufHq6bci4B+yCBiWPuLDL6yGzBES
+ T6tA==
+X-Gm-Message-State: AOUpUlE01g/3ljvsRHeVjMc1dKzW1OyZgAxmPGSeGTKhAH4B2aPkn0kb
+ c6dSN0QRzD7ZzrT6jXD6OmpY0gMMooFaSlK42eLJqlnJjO6K
+X-Google-Smtp-Source: AAOMgpegMYPIc8z2R+cwTXc6i3NGMULZwAAxC5XapCinbsjePA7VpNpsQwHrKUUnmBYAwT8/BzwikPEA2CPf5x4t+jQ=
+X-Received: by 2002:a1c:c019:: with SMTP id
+ q25-v6mr2051965wmf.148.1532108070018;
+ Fri, 20 Jul 2018 10:34:30 -0700 (PDT)
+MIME-Version: 1.0
+Sender: earonesty@gmail.com
+Received: by 2002:a1c:b786:0:0:0:0:0 with HTTP; Fri, 20 Jul 2018 10:34:29
+ -0700 (PDT)
+In-Reply-To: <CAJowKgJBVdJbRvf5Y6dV4o5Jf1XyELNsT+vCrp4b-86ZYr+LYQ@mail.gmail.com>
+References: <CAJowKgLrSe77sqO2iB7mYboo_HW=YjO4=AFdv7L5FUi2vygMiQ@mail.gmail.com>
+ <08201f2292587821e6d23f6cc201d95e6e5ad2cd.camel@timruffing.de>
+ <CAAS2fgSPUc7xRq36rZ9BVLjUTdd152Fgho4sjJXLhfrc71vPMw@mail.gmail.com>
+ <CAJowKgL-nRcruXhWdGWrT4x+oV7i3jYST2Wa3bF5m6iT_mOyMw@mail.gmail.com>
+ <CAPg+sBjdu4mnda-P0y7Ddu-rN7a1GiUt0hY_wYGsy_bJLKOYMA@mail.gmail.com>
+ <CAJowKgLSQZ1LrZayDi7EFc-NSfK_AD+zBdyaF7jBeQRP7tOwYQ@mail.gmail.com>
+ <CAPg+sBizrx20XShpeZRvZd4bfq1=E+MFUDmSC9X-xK1CSbV5kQ@mail.gmail.com>
+ <CAJowKg+=7nS4gNmtc8a4-2cu1uCOPqxjfchFwDVqUciKNMUYWQ@mail.gmail.com>
+ <CAJowKgJ3K=wmCEtoZXJZhrnnA8XJcHYg788KP+7MCeP4Mxf-0w@mail.gmail.com>
+ <CAAS2fgSmA02s6Vdk_FYv6NJ4smLBgxnuT4jRYU44G7=bbzv2MA@mail.gmail.com>
+ <CAJowKgJjQ8EGgbCurOSjTh8ij42_BVeD6dE0y67tzN0Zop3pyg@mail.gmail.com>
+ <CAAS2fgRrkzq6Fa5T_-YDwLDkwi30LpDtMObMEBE+Fmmj0LJpBw@mail.gmail.com>
+ <CAJowKgL0b3RT7XwRTF+ohoJCyZAW-ZJ+-8Lijj_s1rqqxgU7VQ@mail.gmail.com>
+ <CAJowKg+UaMsY_nL6SBfb20Ltki+LdhXOwwvG_mAsUq_ww3Tesg@mail.gmail.com>
+ <CALqxMTHYaspkn8JupaHBeLDxLOfZbnwcne2AVeFZe2ADOefktA@mail.gmail.com>
+ <CAJowKg+rC9rmv--NxtrFQ=ea4B20u0ozkmA5hARpA4wLinnVQg@mail.gmail.com>
+ <CAJowKg+QxcU0ECpZrvUckXQfBpn6Qri=gWzLA7+Y2mvTAq_mSw@mail.gmail.com>
+ <CAMZUoK=iNgsZVb89gYRDUdZu0AkTGQ8cXqqbk3NXHEONBpO5ow@mail.gmail.com>
+ <CAJowKgJBVdJbRvf5Y6dV4o5Jf1XyELNsT+vCrp4b-86ZYr+LYQ@mail.gmail.com>
+From: Erik Aronesty <erik@q32.com>
+Date: Fri, 20 Jul 2018 13:34:29 -0400
+X-Google-Sender-Auth: 8r5H00WkkfG-ZkTEstFcr8-08MU
+Message-ID: <CAJowKgKB1GDxvpQt1JjPr+cgyM8yztLtgJ_mZ8vsoCHyBdqkVA@mail.gmail.com>
+Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: multipart/alternative; boundary="000000000000457f7d057171b53d"
+X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE, MISSING_HEADERS,
+ RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+X-Mailman-Approved-At: Sun, 22 Jul 2018 12:50:59 +0000
+Subject: Re: [bitcoin-dev] Multiparty signatures
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Fri, 20 Jul 2018 17:34:33 -0000
+
+--000000000000457f7d057171b53d
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: quoted-printable
+
+ Hi, thanks for all the help. I'm going to summarize again, and see if
+we've arrived at the correct solution for an M of N "single sig" extension
+of MuSig, which I think we have.
+
+- Using MuSig's solution for the blinding to solve the Wagner attack
+- Using interpolation to enhance MuSig to be M of N instead of M of M
+
+References:
+
+ - MuSig
+https://blockstream.com/2018/01/23/musig-key-aggregation-schnorr-signatures=
+.html
+ - HomPrf http://crypto.stanford.edu/~dabo/papers/homprf.pdf (sections 7.1
+and 7.4)
+
+Each party:
+
+1. Publishes public key G*xi
+3. Xi =3D H(G*xi) ... Xi is the parties x coordinate, for the purposes of
+interpolation
+3. r =3D G*x =3D via interpolation of Gx1, Gx2... (see HomPrf)
+4. L =3D H(X1,X2,=E2=80=A6) (see MuSig)
+5. X =3D sum of all H(L,Xi)Xi (see MuSig)
+6. Computes e =3D H(r | M | X) .... standard schnorr e... not a share
+7. Computes si =3D xi - xe ... where si is a "share" of the sig, and xi is
+the private data
+8. Publishes (si, e, G*Xi)
+
+Any party can then derive s from m of n shares, by interpolating, not
+adding.
+
+--000000000000457f7d057171b53d
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"ltr"><div class=3D"gmail_extra">
+
+<div style=3D"font-size:small;text-decoration-style:initial;text-decoration=
+-color:initial">Hi, thanks for all the help.=C2=A0 =C2=A0I&#39;m going to s=
+ummarize again, and see if we&#39;ve arrived at the correct solution for an=
+ M of N &quot;single sig&quot; extension of MuSig, which I think we have.</=
+div><div style=3D"font-size:small;text-decoration-style:initial;text-decora=
+tion-color:initial"><br></div><div style=3D"font-size:small;text-decoration=
+-style:initial;text-decoration-color:initial">- Using MuSig&#39;s solution =
+for the blinding to solve the Wagner attack</div><div style=3D"font-size:sm=
+all;text-decoration-style:initial;text-decoration-color:initial">- Using in=
+terpolation to enhance MuSig to be M of N instead of M of M</div><div style=
+=3D"font-size:small;text-decoration-style:initial;text-decoration-color:ini=
+tial"><br></div><div style=3D"font-size:small;text-decoration-style:initial=
+;text-decoration-color:initial">References:</div><div style=3D"font-size:sm=
+all;text-decoration-style:initial;text-decoration-color:initial"><br></div>=
+<div style=3D"font-size:small;text-decoration-style:initial;text-decoration=
+-color:initial">=C2=A0- MuSig <a href=3D"https://blockstream.com/2018/01/23=
+/musig-key-aggregation-schnorr-signatures.html">https://blockstream.com/201=
+8/01/23/musig-key-aggregation-schnorr-signatures.html</a><br></div><div sty=
+le=3D"font-size:small;text-decoration-style:initial;text-decoration-color:i=
+nitial">=C2=A0- HomPrf <a href=3D"http://crypto.stanford.edu/~dabo/papers/h=
+omprf.pdf">http://crypto.stanford.edu/~dabo/papers/homprf.pdf</a> (sections=
+ 7.1 and 7.4)</div><div style=3D"font-size:small;text-decoration-style:init=
+ial;text-decoration-color:initial"><br></div><div style=3D"font-size:small;=
+text-decoration-style:initial;text-decoration-color:initial">Each party:</d=
+iv><div style=3D"font-size:small;text-decoration-style:initial;text-decorat=
+ion-color:initial"><br></div><div style=3D"font-size:small;text-decoration-=
+style:initial;text-decoration-color:initial">1. Publishes public key G*xi</=
+div><div style=3D"font-size:small;text-decoration-style:initial;text-decora=
+tion-color:initial">3. Xi =3D H(G*xi) ... Xi is the parties x coordinate, f=
+or the purposes of interpolation</div><div style=3D"font-size:small;text-de=
+coration-style:initial;text-decoration-color:initial">3. r =3D G*x =3D via =
+interpolation of Gx1, Gx2... (see=C2=A0<span style=3D"background-color:rgb(=
+255,255,255);text-decoration-style:initial;text-decoration-color:initial;fl=
+oat:none;display:inline">HomPrf</span>)</div><div style=3D"font-size:small;=
+text-decoration-style:initial;text-decoration-color:initial">4. L =3D H(X1,=
+X2,=E2=80=A6) (see MuSig)<br></div><div style=3D"font-size:small;text-decor=
+ation-style:initial;text-decoration-color:initial">5. X =3D sum of all H(L,=
+Xi)Xi (<span style=3D"background-color:rgb(255,255,255);text-decoration-sty=
+le:initial;text-decoration-color:initial;float:none;display:inline">see MuS=
+ig</span>)</div><div style=3D"font-size:small;text-decoration-style:initial=
+;text-decoration-color:initial">6. Computes e =3D H(r | M | X) .... standar=
+d schnorr e... not a share</div><div style=3D"font-size:small;text-decorati=
+on-style:initial;text-decoration-color:initial">7. Computes si =3D xi - xe =
+... where si is a &quot;share&quot; of the sig, and xi is the private data<=
+/div><div style=3D"font-size:small;text-decoration-style:initial;text-decor=
+ation-color:initial">8. Publishes (si, e, G*Xi)</div><div style=3D"font-siz=
+e:small;text-decoration-style:initial;text-decoration-color:initial"><br></=
+div><div style=3D"font-size:small;text-decoration-style:initial;text-decora=
+tion-color:initial">Any party can then derive s from m of n shares, by inte=
+rpolating, not adding.</div><div style=3D"font-size:small;text-decoration-s=
+tyle:initial;text-decoration-color:initial"><br></div><br class=3D"gmail-Ap=
+ple-interchange-newline">
+
+<br></div></div>
+
+--000000000000457f7d057171b53d--
+
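Review bot: The numbered procedure under "Each party:" in the text/plain part is labelled 1, 3, 3, 4 through 8, so the second step carries the wrong number and any later reference to a step by number is ambiguous; renumber it 1 to 8. The same list overloads its symbols: Xi is defined as H(G*xi), an interpolation coordinate, yet step 5 uses it in "sum of all H(L,Xi)Xi", where MuSig aggregates public keys, and step 8 publishes G*Xi. Step 7 computes "si = xi - xe" with an x that appears only inside r = G*x (the second step labelled 3), and the list does not say how a party holds x or a share of it, while xi is both the key behind "public key G*xi" in step 1 and "the private data" in step 7. Suggest distinct names for the private key, the public key, the nonce share and the interpolation coordinate, plus a line stating which of them each party knows, so the scheme can be checked against the MuSig and HomPrf references it cites.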