Return-Path: <dave@dtrt.org>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id DAE92C000E
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 25 Jul 2021 04:50:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id B6666605E9
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 25 Jul 2021 04:50:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: 3.509
X-Spam-Level: ***
X-Spam-Status: No, score=3.509 tagged_above=-999 required=5
 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_SBL_CSS=3.335,
 RCVD_IN_XBL=0.375, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]
 autolearn=no autolearn_force=no
Authentication-Results: smtp3.osuosl.org (amavisd-new);
 dkim=pass (1024-bit key) header.d=dtrt.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id XzKD1IwyE86B
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 25 Jul 2021 04:50:33 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from newmail.dtrt.org (newmail.dtrt.org
 [IPv6:2600:3c03::f03c:91ff:fe7b:78d1])
 by smtp3.osuosl.org (Postfix) with ESMTPS id A5040605DF
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sun, 25 Jul 2021 04:50:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dtrt.org;
 s=20201208; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:
 Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=fj7i5stN58WTn6AfWdrhFTHW0fAyiyJnAs1HoJCzxXE=; b=CunB7Ui6GVWhztVWmgCQvGD1ZF
 gABc3ywODIX3mQpcHBmp4Ijaz5OJjAzts++goLkTxRH2/Vs1wDHJhpuxAa4vujrSD03fcEW+81Xom
 qWt6bVGA5T+UdQTe9n0J+bEzGDsVQG858z2JvazsYopS+jaEXOcvjGVH19RU7YlHcvFg=;
Received: from harding by newmail.dtrt.org with local (Exim 4.92)
 (envelope-from <dave@dtrt.org>)
 id 1m7W5v-0001fK-GL; Sat, 24 Jul 2021 18:50:31 -1000
Date: Sat, 24 Jul 2021 18:49:24 -1000
From: "David A. Harding" <dave@dtrt.org>
To: Michael Flaxman <michael.flaxman@protonmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20210725044924.k5zhlwiatyq4i3c2@ganymede>
References: <CfD2116tK9mH7-X40QXgiPw8lf-DoWqz_YaqurUg-6LhTPgCjhSq94gVHg4SOChkJZtOTafy4Qd9-_TkBr1tjAOO9GZojVjr3U65ruPhLlI=@protonmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="6mi2f2cxkcxkem5p"
Content-Disposition: inline
In-Reply-To: <CfD2116tK9mH7-X40QXgiPw8lf-DoWqz_YaqurUg-6LhTPgCjhSq94gVHg4SOChkJZtOTafy4Qd9-_TkBr1tjAOO9GZojVjr3U65ruPhLlI=@protonmail.com>
User-Agent: NeoMutt/20180716
Subject: Re: [bitcoin-dev] Multisig Enhanced Privacy Scheme
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Jul 2021 04:50:36 -0000


--6mi2f2cxkcxkem5p
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Jul 20, 2021 at 07:44:19PM +0000, Michael Flaxman via bitcoin-dev wrote:
> I've been working on ways to prevent privacy leaks in multisig
> quorums, and have come up with a creative use of BIP32 paths.

It seems to me like it would be rare for an attacker to obtain a private
BIP32 seed but not simultaneously learn what HD paths it's being used with.
I assume basically everyone is storing their descriptors (or descriptor
equivalents) alongside their seeds; doing so helps ensure a robust
recovery.

However, to the degree that privacy from seed thieves is a problem we
want to solve, I think it's largely fixed by using taproot with
multisignatures and threshold signatures.  As long as participants
aren't reusing the same keys in different contexts, it shouldn't be
possible for a third party who doesn't know all involved pubkeys to
determine that any particular aggregated pubkey contained material from
a certain base pubkey.

I would suggest that it's probably more beneficial for wallet authors to
work on implementing support for taproot and MuSig or MuSig2 than
support for this scheme, although maybe I'm misunderstanding this
scheme's motivation.

-Dave

--6mi2f2cxkcxkem5p
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgxUkqkMp0LnoXjCr2dtBqWwiadMFAmD87VQACgkQ2dtBqWwi
adOthxAAjRZ5rTDIb7iInCG/2iVGWAb0z1KzosjVgJXR3NoqF1TMN0wWJOF3YVO4
2LENv+uqomJy1Kh5GIELJmOxYXtAodyFc2ksJIUu1xpDTSYPwri1yiNk/bS8JktO
+sOnt5blFgrLI9K5HwBilROov+YelELXZQyKyzfxVY+Lsuz4DKYNOkQ6m0cSM/GL
4vXBQmdi/MFlbSaeiwGPp1gmKm2gY0TiywOlA/Cqa14tSw/9nGOv7YZNddn7a9SI
vJCfLduQGncZk/XSpxdZbRX3P06HOyV0UHE98cJkaeQiJgKb+zL7bMtAIDqWO8CG
Ce2kDHTu4dvUu3X0NcGRXVmHR/bi9QaMQQYf0Y/aRz6M6yAzwkPJ1H1M9vlblZmD
Pcw1QcpKk1u4jsWRu1VrzADar0gFd6lXjCvOmpUPqTNw7peaT86HUbWWV5UwhxCN
ausYJGI44RZJJu89LJ21Gq9FhtvTNJgozpttbSGZTdNAJJC1wwecf57wbjsLwSpW
1cC75KL+3y2jZY5wVjRua9u+XNZSvmh8AWAiwfwxtFRNWWckUStbzGNTdmgopyJb
UFdxmNMrQxIX17mqzIuC3oy/NwWXAnxeQ+VzQF5xRGuYwgirBxNmLgL6YkdgT2fy
FWu78i0Xjs9DOozU7/D3Lm9WdD9OejZmZw+PaRZIidBPuuMq3sY=
=E6ie
-----END PGP SIGNATURE-----

--6mi2f2cxkcxkem5p--