From: Erik Aronesty <erik@q32.com>
Date: Wed, 26 Jul 2023 18:06:44 -0400
Message-ID: <CAJowKg+wjq8kTOmhEuu--hS2s_FvYEg61z8C_SOvFLsANesc7g@mail.gmail.com>
To: Tom Trevethan <tom@commerceblock.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Blinded 2-party Musig2

Correct. You cannot select R if it is shipped with a POP.

On Wed, Jul 26, 2023, 4:35 PM Tom Trevethan <tom@commerceblock.com> wrote:

> Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of
> knowledge of the r values used to generate each R used prevents the Wagner
> attack, no?
>
> On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick <jonasdnick@gmail.com> wrote:
>
>> None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an
>> attack on the nonces, I mentioned an attack on the challenge c) can be
>> prevented by proving knowledge of the signing key (usually known as proof
>> of possession, PoP).
>>
>
