Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id B80C9C002D for ; Sun, 22 May 2022 22:26:20 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 9FFAE41735 for ; Sun, 22 May 2022 22:26:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.101 X-Spam-Level: X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id flh22Yzu6cb6 for ; Sun, 22 May 2022 22:26:19 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) by smtp4.osuosl.org (Postfix) with ESMTPS id F3A7C4172F for ; Sun, 22 May 2022 22:26:18 +0000 (UTC) Date: Sun, 22 May 2022 22:26:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1653258375; x=1653517575; bh=xkRJ8TQcNxvyp+7ZVkv5ArKzZZkSOdgOP104e6Pr2MQ=; h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=hosYtz6Sq37VFWhcV6hTVWOADzubAT40JTo3taLJF7Mhcljc4+3jrZJ6HB7ZA2bNf smDsu4PiNXqtjo/aQyvJPgTkLsBLkoFdiFc/biWbLN2X19Eu96sET0Fnj5OVqDFgF2 6VH5P867Xb9ibz8cJNeaHlj/t72/9J5viRy8AbCDEh0KBCDad7w6p3D05c7yapMahb 8PQ4khXudKj28WtpGc3w0p/SbDS7nYeHJ6qMgOMu1YZ4Aa34xJJct0FECYtOyIitSX o/g0sPIC0/ZkCijlHwKHUYDiBXdDAzvZHWv2OKq5avPueuGm/TSDP/tz0nU4rsmStO hFoKuMf8N3qTQ== To: Jonas Nick , Bitcoin Protocol Discussion From: AdamISZ Reply-To: AdamISZ Message-ID: In-Reply-To: <46175970-d2ab-a58e-7010-f29820849604@gmail.com> References: <46175970-d2ab-a58e-7010-f29820849604@gmail.com> Feedback-ID: 11565511:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Sun, 22 May 2022 22:34:00 +0000 Subject: Re: [bitcoin-dev] MuSig2 BIP X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 May 2022 22:26:20 -0000 Jonas, Many thanks for getting the BIP draft out. Particularly appreciate the refe= rence code! I have a question about identical pubkeys (including how it relates to MuSi= g2* optimization): What is the purpose of allowing this? Isn't it always the case that N equal= keys combined with M non-equal keys is logically equivalent to 1+M keys? I= t non trivially complicates certain aspects of the algorithm to allow it an= d I guess I must be missing something in my previous statement because, oth= erwise, isn't it pointless (and pretty unwise, considering how likely it is= to come from an error)? The whole 'second key' thing in MuSig2 is a sorty = of icky side effect. A valid point about this is already made in the BIP and enunciated clearly = and in detail: that MuSig2 is designed to discover lying at the partial sig= verify stage, so it's not really that I'm saying that what's in the BIP is= logically or mathematically wrong; it just seems unwise and needlessly com= plex. The case of 2 keys being identical does not imply an attacker; it is = far more likely to be a busted implementation by counterparties where they'= re accidentally using P1, P1 instead of their intended P1, P2. I suppose the key word is 'needlessly' - is there a need for this that I'm = overlooking? Cheers, waxwing/AdamISZ Sent with ProtonMail secure email. ------- Original Message ------- On Tuesday, April 5th, 2022 at 17:57, Jonas Nick via bitcoin-dev wrote: > Tim Ruffing, Elliott Jin, and I are working on a MuSig2 BIP that we would= like > to propose to the community for discussion. The BIP is compatible with BI= P340 > public keys and signatures. It supports tweaking, which allows deriving B= IP32 > child keys from aggregate keys and creating BIP341 Taproot outputs with k= ey and > script paths. You can find the BIP draft at: > https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki > > The draft is in a state where it should be possible to write an implement= ation > based on the BIP that passes the basic test vectors (as, e.g., demonstrat= ed by > [0]). The draft BIP also contains a reference implementation in python. P= lease > be aware that this is only a draft and that it may still be necessary to = make > small tweaks to the algorithms and test vectors. > > [0] https://github.com/btcsuite/btcd/pull/1820 > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev