author Jonas Nick <jonasdnick@gmail.com> 2023-07-26 14:59:42 +0000
committer bitcoindev <bitcoindev@gnusha.org> 2023-07-26 14:59:50 +0000
commit be0a17489e6451deba0e6e89f68312f1179bed56
tree 00e61e60e65962aba5927789320a0b30b3973495
parent 16ae6133ddf5db67652b49ce3f96593d96c2dcfd
Re: [bitcoin-dev] Blinded 2-party Musig2
-rw-r--r-- 61/56c1d90d3520add9e6ac3c72cf8f380358c431 121
1 files changed, 121 insertions, 0 deletions
diff --git a/61/56c1d90d3520add9e6ac3c72cf8f380358c431 b/61/56c1d90d3520add9e6ac3c72cf8f380358c431
new file mode 100644
index 000000000..9ff7b9a9f
--- /dev/null
+++ b/61/56c1d90d3520add9e6ac3c72cf8f380358c431
@@ -0,0 +1,121 @@
+Return-Path: <jonasdnick@gmail.com>
+Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
+ by lists.linuxfoundation.org (Postfix) with ESMTP id 181FDC0032
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Jul 2023 14:59:50 +0000 (UTC)
+Received: from localhost (localhost [127.0.0.1])
+ by smtp2.osuosl.org (Postfix) with ESMTP id DA40040135
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Jul 2023 14:59:49 +0000 (UTC)
+DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org DA40040135
+Authentication-Results: smtp2.osuosl.org;
+ dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
+ header.a=rsa-sha256 header.s=20221208 header.b=SH7HH6qn
+X-Virus-Scanned: amavisd-new at osuosl.org
+X-Spam-Flag: NO
+X-Spam-Score: -2.099
+X-Spam-Level:
+X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5
+ tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
+ DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
+ RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]
+ autolearn=ham autolearn_force=no
+Received: from smtp2.osuosl.org ([127.0.0.1])
+ by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id DHYNww8msfTJ
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Jul 2023 14:59:46 +0000 (UTC)
+Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com
+ [IPv6:2a00:1450:4864:20::12c])
+ by smtp2.osuosl.org (Postfix) with ESMTPS id 4B40C4174A
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Jul 2023 14:59:46 +0000 (UTC)
+DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 4B40C4174A
+Received: by mail-lf1-x12c.google.com with SMTP id
+ 2adb3069b0e04-4fddd4e942eso10332824e87.3
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Wed, 26 Jul 2023 07:59:46 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=gmail.com; s=20221208; t=1690383584; x=1690988384;
+ h=content-transfer-encoding:in-reply-to:references:to
+ :content-language:subject:user-agent:mime-version:date:message-id
+ :from:from:to:cc:subject:date:message-id:reply-to;
+ bh=wBDal9jOYf73xnh4l7oi5gBacUeF7K7+kf5qTjlhoHM=;
+ b=SH7HH6qn0pc379bCdpO0+TyZMzI/r0fBBbJLXBw22Zuk9EcNI1X1lHfASve3kNcmkN
+ FHa1pQpPGj0P7Zs6XNP0MghKgQscvk3J/aPsCmhQwd8Fl6glroo7TmJFe4OfGZV580Sd
+ wybT/vxzYeREVh0YC8s/LBiVL0Wc1rh2zkE/eJOafCFz83W3b92ASFnjNttbh3uwGC9m
+ NTOLWPk+hF7OGXoCLea/fm9ovK1weqGLPZzyCgf++koN0pzPH/mPEO4+4NrOyjFi5egD
+ C16qf3HWJdcgiD6NZ7SJLvjRs61uUwOj7x34N6PTlT6cjcmKMxlyFdOJwxBjOiSSp0nn
+ hleA==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20221208; t=1690383584; x=1690988384;
+ h=content-transfer-encoding:in-reply-to:references:to
+ :content-language:subject:user-agent:mime-version:date:message-id
+ :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
+ bh=wBDal9jOYf73xnh4l7oi5gBacUeF7K7+kf5qTjlhoHM=;
+ b=aokzGwfQGtF2P6lNG3dGDYtJ8WdbuokTxCg6okCAMG70PzIgKNV5CdU2DRRPyilH5D
+ 4wjnudSsZM0KXHA9pmxYtt+e+61JwYVKDPEOHz1IFTI0wZiXm+2zh/zru8it8i5i3cE0
+ BJyD/spWnXTzuKLrmIex5P+w0W7CsP5p5FgSiE+4nFDsNyLOGqUw2D3gndRxKkcku4p9
+ 59B5fMKHwya6DktRkyjlAOMzVFCplMs0u1LY35K1pvl8jTblkoe0jQ/s6xhApu0qXgAG
+ /XjG6KllInsrvd+IyJiu+PszOQVeLTS1R+c1UKJg8QCRGcTW0rDtJxMSzvYVLVlBG3rx
+ Qg2w==
+X-Gm-Message-State: ABy/qLYmGVsxLlYjjyCpluenK+vfspLVZRbFMyf6CX/0cJi69ur0EQp4
+ zyaxhuXbMttpp4gtKw9wov4=
+X-Google-Smtp-Source: APBJJlGAspCZtH1PgGrrz1mBqKJafA/W2vcueZSIuiGg6K0otoorXfs0ORFH1kltWSOEjcqxdhSYew==
+X-Received: by 2002:a19:4f4b:0:b0:4fb:8bea:f5f6 with SMTP id
+ a11-20020a194f4b000000b004fb8beaf5f6mr1602536lfk.34.1690383583740;
+ Wed, 26 Jul 2023 07:59:43 -0700 (PDT)
+Received: from [10.11.10.42] (p50879c84.dip0.t-ipconnect.de. [80.135.156.132])
+ by smtp.googlemail.com with ESMTPSA id
+ w17-20020a05600c015100b003fbfef555d2sm2209492wmm.23.2023.07.26.07.59.43
+ (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
+ Wed, 26 Jul 2023 07:59:43 -0700 (PDT)
+From: Jonas Nick <jonasdnick@gmail.com>
+X-Google-Original-From: Jonas Nick <jonasd.nick@gmail.com>
+Message-ID: <d1db8481-140b-a0b4-8c24-4486f8a1cab6@gmail.com>
+Date: Wed, 26 Jul 2023 14:59:42 +0000
+MIME-Version: 1.0
+User-Agent: Mozilla Thunderbird
+Content-Language: en-US
+To: moonsettler <moonsettler@protonmail.com>,
+ Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+References: <CAJvkSsc_rKneeVrLkTqXJDKcr+VQNBHVJyXVe=7PkkTZ+SruFQ@mail.gmail.com>
+ <b770096c-e8c4-70f7-8cd7-d74c27181413@gmail.com>
+ <O3LTbUbjNa3SLUfJzSKDNLBCIhED_6rdOcmgLpYB9byX6HBVg3BMu3hrvY37fH4SGL8th8oJaVV6_ogl_ZOA0qTXgENq8xqQNSRB-VsHem4=@protonmail.com>
+In-Reply-To: <O3LTbUbjNa3SLUfJzSKDNLBCIhED_6rdOcmgLpYB9byX6HBVg3BMu3hrvY37fH4SGL8th8oJaVV6_ogl_ZOA0qTXgENq8xqQNSRB-VsHem4=@protonmail.com>
+Content-Type: text/plain; charset=UTF-8; format=flowed
+Content-Transfer-Encoding: 7bit
+X-Mailman-Approved-At: Wed, 26 Jul 2023 15:34:47 +0000
+Subject: Re: [bitcoin-dev] Blinded 2-party Musig2
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.15
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Wed, 26 Jul 2023 14:59:50 -0000
+
+While this may solve blinding, I don't see how it solves the problem that the
+client can forge signatures because the client is in control of challenge e'.
+This is not special to MuSig(2), but is also the reason why original blind
+Schnorr signatures are insecure (as demonstrated in David Wagner's "A
+Generalized Birthday Problem" paper).
+
+For some more recent work on blind Schnorr signatures, see:
+- https://eprint.iacr.org/2019/877.pdf Blind Schnorr Signatures and Signed
+ ElGamal Encryption in the Algebraic Group Mode
+- https://eprint.iacr.org/2020/1071.pdf On Pairing-Free Blind Signature Schemes
+ in the Algebraic Group Model
+
+In particular, the first paper proposes a less-efficient variant of blind
+Schnorr signatures that is secure under concurrent signing if the "mROS" problem
+is hard (which is imho plausible). Another potential approach is using
+commitments and a ZKP as I mentioned earlier in this thread. This scheme is
+"folklore", in the sense that it is being discussed from time to time but isn't
+specified and does not have a security proof as far as I am aware.
+
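Review bot: The added file keeps the full transport trace, and the ESMTPSA `Received:` header just above the `From:` line records the submitter's private LAN address together with the public address and hostname of their ISP connection. For an archive that is served publicly, consider dropping or redacting that hop before committing; the `h=` list in the `DKIM-Signature` header does not include `Received`, so removing it would leave the signature verifiable. Separately, the first eprint reference in the body ends in "Algebraic Group Mode" while the second reads "Algebraic Group Model"; this looks like a typo in the original message, and if the archive is meant to be verbatim it should stay as received.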