Date: Fri, 14 Sep 2018 14:38:02 +0000
From: Andrew Poelstra
To: Erik Aronesty
Cc: Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Schnorr signatures BIP

Hi Erik,

Sorry, you're right - I thought we mentioned m-of-n as a footnote but that
was actually in the earlier pre-MuSig version of our multisig paper.

Threshold signatures -are- mentioned in the BIP which started this thread,
though.
At https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki we say

    "Further, by combining Schnorr signatures with Pedersen Secret Sharing,
    it is possible to obtain an interactive threshold signature scheme that
    ensures that signatures can only be produced by arbitrary but predetermined
    sets of signers. For example, k-of-n threshold signatures can be realized
    this way. Furthermore, it is possible to replace the combination of
    participant keys in this scheme with MuSig, though the security of that
    combination still needs analysis."

and this combination of MuSig and VSS is exactly what is implemented in my code.

Cheers
Andrew

On Thu, Sep 13, 2018 at 04:20:36PM -0400, Erik Aronesty wrote:
> The paper refers to either:
>
> a) building up threshold signatures via concatenation, or, implicitly -
> in Bitcoin -
> b) by indicating that of M of N are valid, and requiring a validator to
> validate one of the permutations of M that signed - as opposed to a scheme,
> like a polynomial function, where the threshold is built in to the system.
>
> Maybe there's another mechanism in there that I'm not aware of - because
> it's just too simple to mention?
>
> - Erik
>
> On Thu, Sep 13, 2018 at 2:46 PM Andrew Poelstra
> wrote:
>
> > On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty via bitcoin-dev
> > wrote:
> > > - Musig, by being M of M, is inherently prone to loss.
> > >
> >
> > It has always been possible to create M-of-N threshold MuSig signatures
> > for any M, N with 0 < M ≤ N.
> > This is (a) obvious, (b) in our paper, (c) implemented at
> >
> > https://github.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules/musig/main_impl.h
> >
> > --
> > Andrew Poelstra
> > Research Director, Mathematics Department, Blockstream
> > Email: apoelstra at wpsoftware.net
> > Web: https://www.wpsoftware.net/andrew
> >
> > "Make it stop, my love; we were wrong to try
> > Never saw what we could unravel in traveling light
> > Nor how the trip debrides like a stack of slides
> > All we saw was that time is taller than space is wide"
> > --Joanna Newsom

--
Andrew Poelstra
Research Director, Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web: https://www.wpsoftware.net/andrew
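
The k-of-n idea discussed in this thread (a polynomial sharing of one Schnorr key, so the verifier sees a single public key and a single signature whichever subset signed), as an added Python example that is not part of the email or of the linked secp256k1 code. It assumes a trusted dealer with plain Shamir sharing instead of Pedersen VSS, a toy group instead of secp256k1, and fixed constructed nonces; MuSig key aggregation and the nonce-commitment rounds are left out.

```python
import hashlib

# Toy Schnorr group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P, Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, pub, msg):
    data = f"{R}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def deal_shares(secret, coeffs, n):
    """Trusted-dealer Shamir shares f(1..n), f(X) = secret + coeffs[0]*X + ... mod Q."""
    poly = [secret] + list(coeffs)
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(poly)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, signers):
    """lambda_i with sum(lambda_i * f(i) for i in signers) == f(0) mod Q."""
    num = den = 1
    for j in signers:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def threshold_sign(shares, nonces, pub, msg):
    """Sum of partials r_i + e*lambda_i*x_i over the signing subset: one Schnorr (R, s)."""
    signers = list(shares)
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P      # combined public nonce
    e = challenge(R, pub, msg)
    s = sum(nonces[i] + e * lagrange_at_zero(i, signers) * shares[i]
            for i in signers) % Q
    return R, s

def verify(pub, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, msg), P) % P

def demo():
    secret, pub = 777, pow(G, 777, P)               # constructed sample key
    shares = deal_shares(secret, coeffs=[123], n=3) # degree 1 => 2-of-3
    nonces = {1: 311, 2: 644, 3: 905}               # constructed; must be fresh and random in practice
    msg = b"constructed sample message"
    sigs = [threshold_sign({i: shares[i] for i in pair},
                           {i: nonces[i] for i in pair}, pub, msg)
            for pair in ((1, 2), (1, 3), (2, 3))]
    return pub, msg, sigs, shares
```

Every pair of signers produces a signature that passes the same ordinary Schnorr check against `pub`, while no single share equals the key.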