author | Tom Trevethan <tom@commerceblock.com> | 2023-07-24 17:22:15 +0100 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2023-07-24 16:22:30 +0000 |
commit | 2530c70592dee04419534888a050315ce90a8a08 (patch) | |
tree | b72a049306879efccbc426e2429ddd641ca04823 | |
parent | b24193323258ae2071f4683d34b67dda62ff0517 (diff) | |
Re: [bitcoin-dev] Blinded 2-party Musig2
-rw-r--r-- | 88/6640f969e958f2a8c10998c871952f72458f51 | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/88/6640f969e958f2a8c10998c871952f72458f51 b/88/6640f969e958f2a8c10998c871952f72458f51 new file mode 100644 index 000000000..bedc211f7 --- /dev/null +++ b/88/6640f969e958f2a8c10998c871952f72458f51 
@@ -0,0 +1,144 @@ +Return-Path: <tom@commerceblock.com> +Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) + by lists.linuxfoundation.org (Postfix) with ESMTP id 12422C0032 + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 24 Jul 2023 16:22:30 +0000 (UTC) +Received: from localhost (localhost [127.0.0.1]) + by smtp2.osuosl.org (Postfix) with ESMTP id D12A5403C8 + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 24 Jul 2023 16:22:29 +0000 (UTC) +DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org D12A5403C8 +Authentication-Results: smtp2.osuosl.org; + dkim=pass (2048-bit key) header.d=commerceblock-com.20221208.gappssmtp.com + header.i=@commerceblock-com.20221208.gappssmtp.com header.a=rsa-sha256 + header.s=20221208 header.b=5dgagnNt +X-Virus-Scanned: amavisd-new at osuosl.org +X-Spam-Flag: NO +X-Spam-Score: -1.897 +X-Spam-Level: +X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 + tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, + HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, + SPF_NONE=0.001] autolearn=ham autolearn_force=no +Received: from smtp2.osuosl.org ([127.0.0.1]) + by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id q37X9hIhKhyA + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 24 Jul 2023 16:22:29 +0000 (UTC) +Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com + [IPv6:2a00:1450:4864:20::530]) + by smtp2.osuosl.org (Postfix) with ESMTPS id DC0454031E + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 24 Jul 2023 16:22:28 +0000 (UTC) +DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org DC0454031E +Received: by mail-ed1-x530.google.com with SMTP id + 4fb4d7f45d1cf-5221cf2bb8cso3474691a12.1 + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 24 Jul 2023 09:22:28 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=commerceblock-com.20221208.gappssmtp.com; s=20221208; t=1690215746; + x=1690820546; + 
h=to:subject:message-id:date:from:in-reply-to:references:mime-version + :from:to:cc:subject:date:message-id:reply-to; + bh=rGXUDL0CEOfrXAyZExJjUL/QkAwdjS+oYMxrqXeUZkk=; + b=5dgagnNtdQ76veDMh8uT78bFqCg+sxdey9SxoWb1iYXgsAHv0DJa6kRhEuqTJDQ27Y + TVKN4Tne9ZoV+WUkVbqpFUBF1RrKzvOL7fu0Vq2X2d0lTnnVV6KwZUjWI8WwTXdaUCSF + ZyGmJ8cIHHEscGqNNGgszr/yFiUzOq3hDxyvB9p1/rbf6Gpfw+ls/4MwC4xg06j7dNvV + Jzg4/+iZ7GqQBmsxfq1wD+qCC89zBGIykHvJ9Rp8YD8I0halcIMoIStt2DQFhTnyzDKn + Z8AnLSGTcBAJUy+V4Rajp5Zg0HHON0WS233uf53sV08gO+nRMibWcpJPYw5Nq4YVaTUB + TxkQ== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20221208; t=1690215746; x=1690820546; + h=to:subject:message-id:date:from:in-reply-to:references:mime-version + :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; + bh=rGXUDL0CEOfrXAyZExJjUL/QkAwdjS+oYMxrqXeUZkk=; + b=MzCGoVmB/IEIZdxn0bHDAFlXhi8//tBHJFw1JJXayOo9r9Deu9zqezePNVlSNC3rMv + ZoeB/s3dyniyJCe8b2e4B1rFREaV4csbThKSNaiOQrsrxPORTA5Tt8eojosHRyGBN/EM + 0cyhYxKRhPgC2a3ZI0UQxW7fIfcJmtzDAvubZ2Bojtzi6VhZxuLulEoCZ/3GCHUktic0 + 7pY5F6yiKkqWokYXHBqLLmJeWk3W2H1/LpfHdj8GExlgwZmlC+g0ixcBoZcprYhzfSnB + yEnERwSHtsQ0hZwigieHsC+kXdHbNBZGjlj34oFswY9FlOcO22fXdFubw+t+xf9y83+v + LimA== +X-Gm-Message-State: ABy/qLadLNW+1Xu7Q3IrL03rwz/TxcE5PUgzyOhMKW5qKJooyflNadPp + xzZjhkWIPKbE/l1D+odbLbhxNLwXjFCY/gysmFCDlZmzkBO4bJ0= +X-Google-Smtp-Source: APBJJlGraKIbV6u0o3t3v06ik/K3PFWGcsrzwA2OekkEvmkmsDm+0t+0DXRTYz2Zotx+Pn2qVdRVw3tDpFhNmguch4I= +X-Received: by 2002:aa7:d502:0:b0:521:8d64:df1c with SMTP id + y2-20020aa7d502000000b005218d64df1cmr9767155edq.0.1690215746674; Mon, 24 Jul + 2023 09:22:26 -0700 (PDT) +MIME-Version: 1.0 +References: <CAJvkSsc_rKneeVrLkTqXJDKcr+VQNBHVJyXVe=7PkkTZ+SruFQ@mail.gmail.com> + <b770096c-e8c4-70f7-8cd7-d74c27181413@gmail.com> +In-Reply-To: <b770096c-e8c4-70f7-8cd7-d74c27181413@gmail.com> +From: Tom Trevethan <tom@commerceblock.com> +Date: Mon, 24 Jul 2023 17:22:15 +0100 +Message-ID: 
<CAJvkSscdAw8-Z7quKexjFk1gdXmwpKpP5Q1XEuHbHROGdMBpKg@mail.gmail.com> +To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +Content-Type: multipart/alternative; boundary="0000000000002cbc5c06013e05de" +X-Mailman-Approved-At: Mon, 24 Jul 2023 16:37:34 +0000 +Subject: Re: [bitcoin-dev] Blinded 2-party Musig2 +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.15 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Mon, 24 Jul 2023 16:22:30 -0000 + +--0000000000002cbc5c06013e05de +Content-Type: text/plain; charset="UTF-8" +Content-Transfer-Encoding: quoted-printable + +Hi Jonas, + +Seems you are right: for every tx, compute c from the on-chain data, and +the server can match the c to the m (tx). So there would need to be a +method for blinding the value of c. + +On Mon, Jul 24, 2023 at 4:39=E2=80=AFPM Jonas Nick <jonasdnick@gmail.com> w= +rote: + +> > Party 1 never learns the final value of (R,s1+s2) or m. +> +> Actually, it seems like a blinding step is missing. Assume the server +> (party 1) +> received some c during the signature protocol. Can't the server scan the +> blockchain for signatures, compute corresponding hashes c' =3D H(R||X||m)= + as +> in +> signature verification and then check c =3D=3D c'? If true, then the serv= +er +> has the +> preimage for the c received from the client, including m. 
+> + +--0000000000002cbc5c06013e05de +Content-Type: text/html; charset="UTF-8" +Content-Transfer-Encoding: quoted-printable + +<div dir=3D"ltr">Hi Jonas,<div><br></div><div>Seems you are right: for ever= +y tx, compute c from the on-chain data, and the server can match the c to t= +he m (tx). So there would need to be a method for blinding the value of c.= +=C2=A0</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"= +gmail_attr">On Mon, Jul 24, 2023 at 4:39=E2=80=AFPM Jonas Nick <<a href= +=3D"mailto:jonasdnick@gmail.com">jonasdnick@gmail.com</a>> wrote:<br></d= +iv><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bord= +er-left:1px solid rgb(204,204,204);padding-left:1ex">=C2=A0> Party 1 nev= +er learns the final value of (R,s1+s2) or m.<br> +<br> +Actually, it seems like a blinding step is missing. Assume the server (part= +y 1)<br> +received some c during the signature protocol. Can't the server scan th= +e<br> +blockchain for signatures, compute corresponding hashes c' =3D H(R||X||= +m) as in<br> +signature verification and then check c =3D=3D c'? If true, then the se= +rver has the<br> +preimage for the c received from the client, including m.<br> +</blockquote></div> + +--0000000000002cbc5c06013e05de-- + |
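Review bot: the text/html alternative at the end of the added file repeats the text/plain part under the same boundary (`0000000000002cbc5c06013e05de`), so the message body is stored twice, and both parts are still quoted-printable encoded. In the quoted reply the hash definition is stored as `c' =3D H(R||X||m)=` with a soft line break, and the comparison as `c =3D=3D c'`, so a plain-text search of the archive for `c == c'` will not match this file. If the archive is meant to hold raw messages byte for byte, it would help to say so in the repository documentation and have any indexing or rendering step decode quoted-printable and read only the text/plain part. The commit message is only the mail subject; adding the Message-ID from the header block would make the commit traceable to the list post without opening the file.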