| field | value | date |
|---|---|---|
| author | Erik Aronesty <erik@q32.com> | 2018-09-05 09:14:55 -0400 |
| committer | bitcoindev <bitcoindev@gnusha.org> | 2018-09-05 13:15:13 +0000 |
| commit | bce25fac983b08a7e93735ef3d2e34c8a6ff4030 (patch) | |
| tree | 9bf77f701f74b71f9681027a5feed87ce6aa1160 | |
| parent | 5bd667c5c3f323ef19c217ba85c771e465130f80 (diff) | |
Re: [bitcoin-dev] Schnorr signatures BIP
-rw-r--r-- | 1f/c151f359ff8b3fb69265519b0755734aced355 | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/1f/c151f359ff8b3fb69265519b0755734aced355 b/1f/c151f359ff8b3fb69265519b0755734aced355 new file mode 100644 index 000000000..1de069f99 --- /dev/null +++ b/1f/c151f359ff8b3fb69265519b0755734aced355 
@@ -0,0 +1,239 @@ +Return-Path: <earonesty@gmail.com> +Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org + [172.17.192.35]) + by mail.linuxfoundation.org (Postfix) with ESMTPS id 809FBE8F + for <bitcoin-dev@lists.linuxfoundation.org>; + Wed, 5 Sep 2018 13:15:13 +0000 (UTC) +X-Greylist: whitelisted by SQLgrey-1.7.6 +Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com + [209.85.221.52]) + by smtp1.linuxfoundation.org (Postfix) with ESMTPS id C149AA8 + for <bitcoin-dev@lists.linuxfoundation.org>; + Wed, 5 Sep 2018 13:15:12 +0000 (UTC) +Received: by mail-wr1-f52.google.com with SMTP id u12-v6so7621509wrr.4 + for <bitcoin-dev@lists.linuxfoundation.org>; + Wed, 05 Sep 2018 06:15:12 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=q32-com.20150623.gappssmtp.com; s=20150623; + h=mime-version:references:in-reply-to:from:date:message-id:subject:to + :cc; bh=UjmK0CbsDua3lNifOWuSS2wBaU7c7pvBuu9D4+wCJ4U=; + b=YXd1v2qswGlSgH/rCSTisfH53c1s9cz2GA8/zpFjJkIKlEG40dXXQRUlsWZMSVgmiQ + JTiOKa/TGjVYDIcjovUq51e3DHRVr/GFWZP3PvChqdui934qyndDAN5LBlxNky8ZocAM + DbwOoVk2WICYnTgFJfjBkOZtDkdX8EPjXSkgXYzGzHH8tUK/jyhD8XBhq2vpdedrnJqO + 1qkLL+IC3HNz7ljuR0eQLt+HVh/7uhsp7tk6ig2BcmpxMiFv6bAfUQInEZZ4dueABQtL + MSSAYCBOCDMxaTKrxjdmVjcMN6SrZsYZuqxc+h4bdb3R2QLQWrb3RlVtkkDhGsfT2lNA + Lp9w== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20161025; + h=x-gm-message-state:mime-version:references:in-reply-to:from:date + :message-id:subject:to:cc; + bh=UjmK0CbsDua3lNifOWuSS2wBaU7c7pvBuu9D4+wCJ4U=; + b=J6kLvyJtpTjvLDevJbPGMR/hdeIJWyOzcUUwJ24iquEuv5dbzF4aeQSYc/ns7k03MH + 0ZPXvnLODTPVLaXfrtcCA/kj3blaAZbpOVWBl9iXO1nBTUUCbOPQ1ndzrXpXDsyzuvBA + tz1DYPL+hGEsCnYTE/GX4zWbKJMmifzXdymdwm9L9Zf4zQPy2NeqXcwVk8lOBiNdlW0A + kljjWQa45armcVA5bcctNEbcNow2O5AJGbRrQzQ/NQKByrk5DTFirUrNENdrOdt4OKfn + 7PE0xA/4spsiBvUvDGOJyDy6Tu9Mb4sUt6ztgCrwVbT9v846QBf6zjsZH5nZE7RkEoaY + Fx7Q== +X-Gm-Message-State: 
APzg51DsO3bXgXgK3ZRR2jp/gLoRGDbmBf/yXtG265Q1AftanRS8mpr4 + e6QlNYAc8Q0N/Ru2dj0Fv408FkyjYI56OLB6eMM1QYA= +X-Google-Smtp-Source: ANB0Vdbtg3tgd0p+WFAjlQqTkCmlahGdBhn8vFpSm6PW9JzB4zpR9gTuijGj+QIJ+kLV7/plGoiehK2ezJOPEf4WgII= +X-Received: by 2002:adf:f687:: with SMTP id + v7-v6mr26646117wrp.201.1536153311156; + Wed, 05 Sep 2018 06:15:11 -0700 (PDT) +MIME-Version: 1.0 +References: <CAPg+sBj7f+=OYXuOMdNeJk3NBG67FSQSF8Xv3seFCvwxCWq69A@mail.gmail.com> + <2e620d305c86f65cbff44b5fba548dc85c118f84.camel@timruffing.de> + <20180812163734.GV499@boulet.lan> + <CAJowKg+h11YkwOo-gyWCw+87Oh-9K34LOnJ1730hhpoVR2m5sA@mail.gmail.com> + <20180903000518.GB18522@boulet.lan> + <CAJowKg+PDtEV3je_N9Ra6u3n4+ZQ3ozYapt8ivxGYYU28Qad+w@mail.gmail.com> + <20180905130559.GH18522@boulet.lan> +In-Reply-To: <20180905130559.GH18522@boulet.lan> +From: Erik Aronesty <erik@q32.com> +Date: Wed, 5 Sep 2018 09:14:55 -0400 +Message-ID: <CAJowKgKOu2G37dkhyKGhFJswhq_D0N0Bz4YPiBFjWTNhGWZFCg@mail.gmail.com> +To: apoelstra@wpsoftware.net +Content-Type: multipart/alternative; boundary="0000000000006ea41a05751f90c0" +X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, + DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE, + RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + smtp1.linux-foundation.org +X-Mailman-Approved-At: Wed, 05 Sep 2018 13:44:12 +0000 +Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +Subject: Re: [bitcoin-dev] Schnorr signatures BIP +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.12 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: 
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Wed, 05 Sep 2018 13:15:13 -0000 + +--0000000000006ea41a05751f90c0 +Content-Type: text/plain; charset="UTF-8" + +Correct, there is an interaction step to deduce G*k, when signing, each +participant has to publishes G*ki. I didn't talk about it. That doesn't +break it, but you're correct, it's not non-interactive. + +On Wed, Sep 5, 2018 at 9:06 AM Andrew Poelstra <apoelstra@wpsoftware.net> +wrote: + +> On Wed, Sep 05, 2018 at 08:26:14AM -0400, Erik Aronesty wrote: +> > Why would you call it FUD? All the weird hemming and hawing about it is +> > really strange to me. The more I look into it and speak to professors +> > about i, the more it seems "so trivial nobody really talks about it". +> > +> > 1. Generate an M of N shared public key (done in advance of signing .... +> > this gets you the bitcoin address) +> > 2. Generate signature fragments (this can be done offline, with no +> > communication between participants) +> > +> > Detailed explanation with code snippets: +> > +> > +> https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f +> > +> +> The hemming and hawing is because you've been repeatedly told that your +> scheme doesn't work, and to please implement it in some computer algebra +> system so that you can see that (or so we can see where your mistake is), +> and you instead continue to post incomplete/incoherent copies of the same +> thing across multiple mediums - Reddit, this list, Bitcointalk, Medium, +> etc ad nauseum. +> +> It's distracting and offensive to people who have spent a lot of time and +> energy thinking about this stuff, and more importantly it causes confusion +> in the public eye. 
Phrasings like "weird hemming and hawing" suggest that +> we don't know/don't care about some insight you have, which is not true. +> This is why your posts are FUD. +> +> For example, in your linked post I looked at every single instance of the +> character 'k' and *not one of them* defined the value 'k' from which 'R' +> is derived in the signing procedure. +> +> +> Of course there is no possible value, individual signers cannot learn 'R' +> at signing time without interaction, and your whole scheme is broken. Given +> the number of times you've been told this, I find it hard to believe that +> this was an honest mistake. +> +> +> +> Andrew +> +> +> +> -- +> Andrew Poelstra +> Research Director, Mathematics Department, Blockstream +> Email: apoelstra at wpsoftware.net +> Web: https://www.wpsoftware.net/andrew +> +> "Make it stop, my love; we were wrong to try +> Never saw what we could unravel in traveling light +> Nor how the trip debrides like a stack of slides +> All we saw was that time is taller than space is wide" +> --Joanna Newsom +> +> + +--0000000000006ea41a05751f90c0 +Content-Type: text/html; charset="UTF-8" +Content-Transfer-Encoding: quoted-printable + +<div dir=3D"ltr"><div dir=3D"ltr">Correct, there is an interaction step to = +deduce G*k, when signing, each participant has to publishes G*ki. 
I didn= +9;t talk about it.=C2=A0=C2=A0 That doesn't break it, but you're co= +rrect, it's not non-interactive.<br></div></div><br><div class=3D"gmail= +_quote"><div dir=3D"ltr">On Wed, Sep 5, 2018 at 9:06 AM Andrew Poelstra <= +;<a href=3D"mailto:apoelstra@wpsoftware.net">apoelstra@wpsoftware.net</a>&g= +t; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 = +.8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Sep 05, 2018 at 0= +8:26:14AM -0400, Erik Aronesty wrote:<br> +> Why would you call it FUD?=C2=A0 =C2=A0All the weird hemming and hawin= +g about it is<br> +> really strange to me.=C2=A0 The more I look into it and speak to profe= +ssors<br> +> about i, the more it seems "so trivial nobody really talks about = +it".<br> +> <br> +> 1. Generate an M of N shared public key (done in advance of signing ..= +..<br> +> this gets you the bitcoin address)<br> +> 2. Generate signature fragments (this can be done offline, with no<br> +> communication between participants)<br> +> <br> +> Detailed explanation with code snippets:<br> +> <br> +> <a href=3D"https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-schem= +e-e7860ab34e7f" rel=3D"noreferrer" target=3D"_blank">https://medium.com/@si= +mulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f</a><br> +><br> +<br> +The hemming and hawing is because you've been repeatedly told that your= +<br> +scheme doesn't work, and to please implement it in some computer algebr= +a<br> +system so that you can see that (or so we can see where your mistake is),<b= +r> +and you instead continue to post incomplete/incoherent copies of the same<b= +r> +thing across multiple mediums - Reddit, this list, Bitcointalk, Medium,<br> +etc ad nauseum.<br> +<br> +It's distracting and offensive to people who have spent a lot of time a= +nd<br> +energy thinking about this stuff, and more importantly it causes confusion<= +br> +in the public eye. 
Phrasings like "weird hemming and hawing" sugg= +est that<br> +we don't know/don't care about some insight you have, which is not = +true.<br> +This is why your posts are FUD.<br> +<br> +For example, in your linked post I looked at every single instance of the<b= +r> +character 'k' and *not one of them* defined the value 'k' f= +rom which 'R'<br> +is derived in the signing procedure.<br> +<br> +<br> +Of course there is no possible value, individual signers cannot learn '= +R'<br> +at signing time without interaction, and your whole scheme is broken. Given= +<br> +the number of times you've been told this, I find it hard to believe th= +at<br> +this was an honest mistake.<br> +<br> +<br> +<br> +Andrew<br> +<br> +<br> +<br> +-- <br> +Andrew Poelstra<br> +Research Director, Mathematics Department, Blockstream<br> +Email: apoelstra at <a href=3D"http://wpsoftware.net" rel=3D"noreferrer" ta= +rget=3D"_blank">wpsoftware.net</a><br> +Web:=C2=A0 =C2=A0<a href=3D"https://www.wpsoftware.net/andrew" rel=3D"noref= +errer" target=3D"_blank">https://www.wpsoftware.net/andrew</a><br> +<br> +"Make it stop, my love; we were wrong to try<br> +=C2=A0Never saw what we could unravel in traveling light<br> +=C2=A0Nor how the trip debrides like a stack of slides<br> +=C2=A0All we saw was that time is taller than space is wide"<br> +=C2=A0 =C2=A0 =C2=A0 =C2=A0--Joanna Newsom<br> +<br> +</blockquote></div> + +--0000000000006ea41a05751f90c0-- + |
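Review bot: the plain-text body of the archived message (the lines after `Content-Type: text/plain; charset="UTF-8"`) concedes that signing needs an interaction step in which every participant publishes G*ki so that the group can deduce G*k, which contradicts the quoted step 2 claim that signature fragments "can be done offline, with no communication between participants"; the reply should state that contradiction outright instead of "That doesn't break it", because the undefined `k` (and hence `R`) that the quoted mail points out is exactly what this exchange of G*ki would have to supply, and a nonce-exchange round is what makes the scheme interactive rather than offline. Minor: the same text is archived twice, once as text/plain and once as quoted-printable text/html, so a search over the archive matches every sentence of this message twice.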