author: nakagat <nakagat@gmail.com> 2018-09-12 15:00:17 +0900
committer: bitcoindev <bitcoindev@gnusha.org> 2018-09-12 06:00:29 +0000
commit: afefff481cacd08c49759980ba187f7f6f0d9cb9
tree: e4471f0235cdf57ae2c418853d2e04d04cdd7df5
parent: 5ea0d19a40ad053d3d1763fb9645ba907f41c378
Re: [bitcoin-dev] Multisignature for bip-schnorr
-rw-r--r-- ed/1142b0f5477600fe663bf6a5a894edac5feca8 116
1 files changed, 116 insertions, 0 deletions
diff --git a/ed/1142b0f5477600fe663bf6a5a894edac5feca8 b/ed/1142b0f5477600fe663bf6a5a894edac5feca8
new file mode 100644
index 000000000..43e71d536
--- /dev/null
+++ b/ed/1142b0f5477600fe663bf6a5a894edac5feca8
@@ -0,0 +1,116 @@
+Return-Path: <nakagat@gmail.com>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id AEBAEC83
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 12 Sep 2018 06:00:29 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-io0-f178.google.com (mail-io0-f178.google.com
+ [209.85.223.178])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id AB2D4102
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 12 Sep 2018 06:00:28 +0000 (UTC)
+Received: by mail-io0-f178.google.com with SMTP id q5-v6so588242iop.3
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 11 Sep 2018 23:00:28 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
+ h=mime-version:references:in-reply-to:from:date:message-id:subject:to
+ :cc:content-transfer-encoding;
+ bh=qxrd85G3mxf2F41VsHRtnSVIPAiuTERruI3OnlPEDz4=;
+ b=ecZEmLyXD+ViDRrJ7laaThy3rDXn0MnHNQBfi7puiQfYWDNE48v2CNPL762Tgme5O/
+ J5vL7vs1gIVl44oUWV/572PE0XLB7v/+8IbIb5psTp7h0TPjzKVlpt4stl9WcWnGA5jN
+ 2taNp9QHDaqQRhXuyb/NlDPG27nzBPqWqFaUCyhoMcgO8dhPIN6HpBjPaT9S/JTLO+oG
+ FRmMwLCgNIekdq7442q5PaXyHhYNqf9Lpdce3RJULRR9NNn48aT7IAh+5EmRE8OFXgJq
+ 2PMSxpQi+b0dO1WIYl3xRNlmOs3AaH8Y2zv4hQLykM4Qu1WoEt/xA0Y71xqOmqPh+shd
+ 9RLw==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20161025;
+ h=x-gm-message-state:mime-version:references:in-reply-to:from:date
+ :message-id:subject:to:cc:content-transfer-encoding;
+ bh=qxrd85G3mxf2F41VsHRtnSVIPAiuTERruI3OnlPEDz4=;
+ b=C/xbfe6dTE/TrdV3XG7h3KY7wuMe+eDtR3efNKISCLOpHB++1CsV7Rw8N2Y7qt5Tio
+ /9rs1HhA0oEL7+q8DuYmGHItGYLVPqz6wBEwrH/C9RK+COhNWmHKcnSiwN1C57np7wLi
+ c6E0hK0H1YE8KnrydCB1eqEBXJQWCiWKUEFF36ETHIS476MbECCgxWiDx4uZEm5uNV5Q
+ 3jGD8sTzXoIkfXwJyTu/PEMpT293nqFkqfztIePsHW7vWbH6RTk3gKqxDTyMeJqcTtrG
+ SbhVy4GNPl8DBj3BE0uFcWtDs8jbrfYVPz+yHqcmCMH1OGPEpedWC/KDE7+QYtACgz4G
+ IGkg==
+X-Gm-Message-State: APzg51BGZa/mY7p+N/rpamuVIUlW0PCJEP/aRhBrxxN1W5ZaVNkG5yL3
+ 3OKM22CF6G35yZiZTzBSFGhAXaYtH1PByhSB2F6WKrtW
+X-Google-Smtp-Source: ANB0VdbMo5EMQO28996rpWl1F5VHcJIIVqkoRiIaBGxzRw0HLrmeAA3fCnyJiKLW8NZRUqIR+zUE2YLZMRI88LZuRpE=
+X-Received: by 2002:a6b:8b82:: with SMTP id
+ n124-v6mr209797iod.234.1536732027857;
+ Tue, 11 Sep 2018 23:00:27 -0700 (PDT)
+MIME-Version: 1.0
+References: <CAHk9a9ct_h485MY4gk7S++FAu5FEH3PL9pd9mrrh+wA8nWaVUA@mail.gmail.com>
+ <80e4e9b8-0cf3-b99e-7ac3-87ebbd8bb97c@gmail.com>
+In-Reply-To: <80e4e9b8-0cf3-b99e-7ac3-87ebbd8bb97c@gmail.com>
+From: nakagat <nakagat@gmail.com>
+Date: Wed, 12 Sep 2018 15:00:17 +0900
+Message-ID: <CAHk9a9dEu9y1-trZLyTwd3vWrwrUt2SOB=zi4covG6XkOy7ZbA@mail.gmail.com>
+To: jonasdnick@gmail.com
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: quoted-printable
+X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
+ RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+X-Mailman-Approved-At: Wed, 12 Sep 2018 13:44:20 +0000
+Cc: bitcoin-dev@lists.linuxfoundation.org
+Subject: Re: [bitcoin-dev] Multisignature for bip-schnorr
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Wed, 12 Sep 2018 06:00:29 -0000
+
+Hi Jonas
+
+Thank you for your comment.
+
+I wrote a new text.
+https://gist.github.com/tnakagawa/e6cec9a89f698997dc58a09db541e1eb
+
+If you have time, please review this.
+2018=E5=B9=B49=E6=9C=887=E6=97=A5(=E9=87=91) 17:09 Jonas Nick <jonasdnick@g=
+mail.com>:
+>
+> Your multisignature writeup appears to be vulnerable to key cancellation
+> attacks because the aggregated public key is just the sum of public keys =
+(and
+> there is no proof of knowledge of the individual secret keys). Therefore,=
+ in a
+> multisignature between Alice and an attacker, the attacker can choose the=
+ir key
+> to be -alice_key+attacker_key resulting in an aggregated key for which th=
+e
+> attacker can sign alone (without requiring Alice's partial signature). Th=
+e
+> Schnorr BIP links to the MuSig paper which describes a secure key aggrega=
+tion
+> scheme. See https://eprint.iacr.org/2018/068
+>
+> On 8/7/18 6:35 AM, nakagat via bitcoin-dev wrote:
+> > Hi all,
+> >
+> > I wrote a multisignature procedure using bip-schnorr.
+> >
+> > If you have time to review and give feedback, I=E2=80=99d really apprec=
+iate it.
+> > Thanks in advance!
+> >
+> > Multisignature
+> > https://gist.github.com/tnakagawa/0c3bc74a9a44bd26af9b9248dfbe598b
+> >
+> > Original
+> > https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#Mul=
+tisignatures_and_Threshold_Signatures
+> >
+
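Review bot: The reply at the top of the message body ("I wrote a new text." followed by a gist link) does not say how the revised text responds to the key cancellation issue quoted beneath it, where the aggregated public key is just the sum of public keys and there is no proof of knowledge of the individual secret keys. Consider stating in the message itself whether the new text adopts the key aggregation scheme from the MuSig paper cited in the quoted reply, or adds a proof of knowledge, so the archived thread records the fix without depending on the external gist. The body is also stored quoted-printable encoded (soft line breaks ending in "=", and the attribution date as "=E5=B9=B4" style escapes), so URLs such as the bip-schnorr link split across two lines need decoding before they can be followed.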