author: Tom Trevethan <tom@commerceblock.com> 2023-07-24 17:22:15 +0100
committer: bitcoindev <bitcoindev@gnusha.org> 2023-07-24 16:22:30 +0000
commit: 2530c70592dee04419534888a050315ce90a8a08 (patch)
tree: b72a049306879efccbc426e2429ddd641ca04823
parent: b24193323258ae2071f4683d34b67dda62ff0517 (diff)
Re: [bitcoin-dev] Blinded 2-party Musig2
-rw-r--r-- 88/6640f969e958f2a8c10998c871952f72458f51 144
1 files changed, 144 insertions, 0 deletions
diff --git a/88/6640f969e958f2a8c10998c871952f72458f51 b/88/6640f969e958f2a8c10998c871952f72458f51
new file mode 100644
index 000000000..bedc211f7
--- /dev/null
+++ b/88/6640f969e958f2a8c10998c871952f72458f51
@@ -0,0 +1,144 @@
+Return-Path: <tom@commerceblock.com>
+Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
+ by lists.linuxfoundation.org (Postfix) with ESMTP id 12422C0032
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 24 Jul 2023 16:22:30 +0000 (UTC)
+Received: from localhost (localhost [127.0.0.1])
+ by smtp2.osuosl.org (Postfix) with ESMTP id D12A5403C8
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 24 Jul 2023 16:22:29 +0000 (UTC)
+DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org D12A5403C8
+Authentication-Results: smtp2.osuosl.org;
+ dkim=pass (2048-bit key) header.d=commerceblock-com.20221208.gappssmtp.com
+ header.i=@commerceblock-com.20221208.gappssmtp.com header.a=rsa-sha256
+ header.s=20221208 header.b=5dgagnNt
+X-Virus-Scanned: amavisd-new at osuosl.org
+X-Spam-Flag: NO
+X-Spam-Score: -1.897
+X-Spam-Level:
+X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5
+ tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
+ HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
+ SPF_NONE=0.001] autolearn=ham autolearn_force=no
+Received: from smtp2.osuosl.org ([127.0.0.1])
+ by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id q37X9hIhKhyA
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 24 Jul 2023 16:22:29 +0000 (UTC)
+Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com
+ [IPv6:2a00:1450:4864:20::530])
+ by smtp2.osuosl.org (Postfix) with ESMTPS id DC0454031E
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 24 Jul 2023 16:22:28 +0000 (UTC)
+DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org DC0454031E
+Received: by mail-ed1-x530.google.com with SMTP id
+ 4fb4d7f45d1cf-5221cf2bb8cso3474691a12.1
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 24 Jul 2023 09:22:28 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=commerceblock-com.20221208.gappssmtp.com; s=20221208; t=1690215746;
+ x=1690820546;
+ h=to:subject:message-id:date:from:in-reply-to:references:mime-version
+ :from:to:cc:subject:date:message-id:reply-to;
+ bh=rGXUDL0CEOfrXAyZExJjUL/QkAwdjS+oYMxrqXeUZkk=;
+ b=5dgagnNtdQ76veDMh8uT78bFqCg+sxdey9SxoWb1iYXgsAHv0DJa6kRhEuqTJDQ27Y
+ TVKN4Tne9ZoV+WUkVbqpFUBF1RrKzvOL7fu0Vq2X2d0lTnnVV6KwZUjWI8WwTXdaUCSF
+ ZyGmJ8cIHHEscGqNNGgszr/yFiUzOq3hDxyvB9p1/rbf6Gpfw+ls/4MwC4xg06j7dNvV
+ Jzg4/+iZ7GqQBmsxfq1wD+qCC89zBGIykHvJ9Rp8YD8I0halcIMoIStt2DQFhTnyzDKn
+ Z8AnLSGTcBAJUy+V4Rajp5Zg0HHON0WS233uf53sV08gO+nRMibWcpJPYw5Nq4YVaTUB
+ TxkQ==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20221208; t=1690215746; x=1690820546;
+ h=to:subject:message-id:date:from:in-reply-to:references:mime-version
+ :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
+ bh=rGXUDL0CEOfrXAyZExJjUL/QkAwdjS+oYMxrqXeUZkk=;
+ b=MzCGoVmB/IEIZdxn0bHDAFlXhi8//tBHJFw1JJXayOo9r9Deu9zqezePNVlSNC3rMv
+ ZoeB/s3dyniyJCe8b2e4B1rFREaV4csbThKSNaiOQrsrxPORTA5Tt8eojosHRyGBN/EM
+ 0cyhYxKRhPgC2a3ZI0UQxW7fIfcJmtzDAvubZ2Bojtzi6VhZxuLulEoCZ/3GCHUktic0
+ 7pY5F6yiKkqWokYXHBqLLmJeWk3W2H1/LpfHdj8GExlgwZmlC+g0ixcBoZcprYhzfSnB
+ yEnERwSHtsQ0hZwigieHsC+kXdHbNBZGjlj34oFswY9FlOcO22fXdFubw+t+xf9y83+v
+ LimA==
+X-Gm-Message-State: ABy/qLadLNW+1Xu7Q3IrL03rwz/TxcE5PUgzyOhMKW5qKJooyflNadPp
+ xzZjhkWIPKbE/l1D+odbLbhxNLwXjFCY/gysmFCDlZmzkBO4bJ0=
+X-Google-Smtp-Source: APBJJlGraKIbV6u0o3t3v06ik/K3PFWGcsrzwA2OekkEvmkmsDm+0t+0DXRTYz2Zotx+Pn2qVdRVw3tDpFhNmguch4I=
+X-Received: by 2002:aa7:d502:0:b0:521:8d64:df1c with SMTP id
+ y2-20020aa7d502000000b005218d64df1cmr9767155edq.0.1690215746674; Mon, 24 Jul
+ 2023 09:22:26 -0700 (PDT)
+MIME-Version: 1.0
+References: <CAJvkSsc_rKneeVrLkTqXJDKcr+VQNBHVJyXVe=7PkkTZ+SruFQ@mail.gmail.com>
+ <b770096c-e8c4-70f7-8cd7-d74c27181413@gmail.com>
+In-Reply-To: <b770096c-e8c4-70f7-8cd7-d74c27181413@gmail.com>
+From: Tom Trevethan <tom@commerceblock.com>
+Date: Mon, 24 Jul 2023 17:22:15 +0100
+Message-ID: <CAJvkSscdAw8-Z7quKexjFk1gdXmwpKpP5Q1XEuHbHROGdMBpKg@mail.gmail.com>
+To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: multipart/alternative; boundary="0000000000002cbc5c06013e05de"
+X-Mailman-Approved-At: Mon, 24 Jul 2023 16:37:34 +0000
+Subject: Re: [bitcoin-dev] Blinded 2-party Musig2
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.15
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Mon, 24 Jul 2023 16:22:30 -0000
+
+--0000000000002cbc5c06013e05de
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: quoted-printable
+
+Hi Jonas,
+
+Seems you are right: for every tx, compute c from the on-chain data, and
+the server can match the c to the m (tx). So there would need to be a
+method for blinding the value of c.
+
+On Mon, Jul 24, 2023 at 4:39=E2=80=AFPM Jonas Nick <jonasdnick@gmail.com> w=
+rote:
+
+> > Party 1 never learns the final value of (R,s1+s2) or m.
+>
+> Actually, it seems like a blinding step is missing. Assume the server
+> (party 1)
+> received some c during the signature protocol. Can't the server scan the
+> blockchain for signatures, compute corresponding hashes c' =3D H(R||X||m)=
+ as
+> in
+> signature verification and then check c =3D=3D c'? If true, then the serv=
+er
+> has the
+> preimage for the c received from the client, including m.
+>
+
+--0000000000002cbc5c06013e05de
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"ltr">Hi Jonas,<div><br></div><div>Seems you are right: for ever=
+y tx, compute c from the on-chain data, and the server can match the c to t=
+he m (tx). So there would need to be a method for blinding the value of c.=
+=C2=A0</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"=
+gmail_attr">On Mon, Jul 24, 2023 at 4:39=E2=80=AFPM Jonas Nick &lt;<a href=
+=3D"mailto:jonasdnick@gmail.com">jonasdnick@gmail.com</a>&gt; wrote:<br></d=
+iv><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bord=
+er-left:1px solid rgb(204,204,204);padding-left:1ex">=C2=A0&gt; Party 1 nev=
+er learns the final value of (R,s1+s2) or m.<br>
+<br>
+Actually, it seems like a blinding step is missing. Assume the server (part=
+y 1)<br>
+received some c during the signature protocol. Can&#39;t the server scan th=
+e<br>
+blockchain for signatures, compute corresponding hashes c&#39; =3D H(R||X||=
+m) as in<br>
+signature verification and then check c =3D=3D c&#39;? If true, then the se=
+rver has the<br>
+preimage for the c received from the client, including m.<br>
+</blockquote></div>
+
+--0000000000002cbc5c06013e05de--
+
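Review bot: in the text/plain body of the added message, the reply ends at "there would need to be a method for blinding the value of c" without saying what that method is, so the linkage described in the quoted text (the server scans the blockchain for signatures, recomputes c' = H(R||X||m) as in signature verification, and checks c == c') is left open in the archived thread. A follow-up should specify how c is blinded so that the value the server receives during signing no longer equals the hash recomputable from the published R, X and m. Until that is specified, the quoted claim "Party 1 never learns the final value of (R,s1+s2) or m" should be read as not holding, which the reply itself concedes with "Seems you are right".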