1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
Delivery-date: Tue, 03 Jun 2025 14:40:55 -0700
Received: from mail-oa1-f56.google.com ([209.85.160.56])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBAABBXOX7XAQMGQEZ3XJF3Y@googlegroups.com>)
id 1uMZNP-0001mj-1g
for bitcoindev@gnusha.org; Tue, 03 Jun 2025 14:40:55 -0700
Received: by mail-oa1-f56.google.com with SMTP id 586e51a60fabf-2e901debe9fsf2036391fac.1
for <bitcoindev@gnusha.org>; Tue, 03 Jun 2025 14:40:54 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1748986849; cv=pass;
d=google.com; s=arc-20240605;
b=iu2gP10tg8sda5UWjvH1wVa4P4Iqekt6fwZttLd2VTA0wpVzuSttf0uq+vRZ7CBlje
dvG3TGMudSE+U6VMmMKP+qe5MeWitrSPd7LyqR5nyUvvVMLIcbzGthFRB8ZotqcnpJuD
nKMLu1mvZafRVYxXNht/3uirKjSCqo3GLD/7f5qMdGGBozuTMsOvDjpJa9bTxIyqh/F3
Rb3r1CxGoDkcoN/OERyFgtMCiq6ef+gicBOrFgaocCFqcKZXGUKjdNb+z5ENrApybYn4
1pyBPyk4/EW1jo2MqA52QbTU8vyiq0ELQHj22dDP0BQgp+sO+6AYpOdBrb07dQSoLiEl
dNwQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:content-transfer-encoding
:mime-version:feedback-id:references:in-reply-to:message-id:subject
:cc:from:to:date:dkim-signature;
bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=;
fh=BEcRhtwrlVhf5+OhI7SU6Lc4EE5gL1tiGtvuKAYLTf0=;
b=OJSM7Iqr1XFhQTDo9GU6ngyjW3dpcOJlj9F96VpZdBLtBTS9BpU5r3jaLiQjb4wnOj
jMR+SEOgkzeU1v00QVZUWjkyBku+Pa7ZOujnJ8/EbHAuoWTJrfbKG5IhfdW3MZBn8224
y5SAAdadb+KmTVREVQauRPFwvQdT9jtzsAJYbUuOFIjUOIeG6VsAjIabaA+oxpI1gD/i
iJ9lPPQ9+z/+rzxgsyVkrPZAOt6M+3G2SXvc9oHMlILaI1gr9QL9M1vtIOoC3d6FDJir
RQa5Bga0pO3sIwNMUBE46L6Pj6TUlcMTzLB6jpW1oXZHI4IuH55uZ+IXHkPk2bcf80Lk
7owQ==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX;
spf=pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) smtp.mailfrom=lists@achow101.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1748986849; x=1749591649; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:cc:from:to:date:from:to:cc:subject
:date:message-id:reply-to;
bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=;
b=VcHE/1A82CIwCHORoblg4O470yEmqwb7SPcuBTrM8VTer8EFCaM+9a1MoO7Ie31cHq
PO2k/+LI6N8IeN2ESUEoy26tvkNtljEuRj4PDBZLPINtFysfKwdDjyAcy6flhmvSrMbh
bcRTAvuGtBR+1GpIOi4ICh7gRwUxwqaENUkqcegAISe0vKrpbJt9kTHu6pLejg/eYW5O
MzfBCHqPzTJuDC+f2pnKP1i/N9csqRY8EScWIdU2rEomYLRh43JmQ5CT7IonXT5DOsng
gCObdOWJUGzIj36r8yOQZpizjloJqxpPW4NaV0uGFkLHy2xKtxOSDCu1uhi01bP6OWAl
UIlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1748986849; x=1749591649;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:cc:from:to:date:x-beenthere
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=;
b=GwMFCI485Dgt3ZgKDHV6Ua0KyR9nm5FJlCqxJyieOw1JO5rRFIWTx/uRk4YAggdNBV
+jBCQf/b4hxT+oRtjsXFtAseMRpkrUgq7b9nSEnq7dbxvKhIlsX6iLnAew080/MU9hsx
/7avsYsJqz+8h5jJLY4HYLYvo/gnHCmCPGhR5oFRrnjfolXZFdKdbmQmcF5XqGzxXMBk
nWVyLxgKzx1YpUR7Fg9GtEKgXZkynrC3ZtG7yaIkdzQKxM56/qFVrfPldOlfJU4pPyCd
jUcfgmG7FYmTcE3h2W3HGSM7qmld257gU9iGV6Rt5p4EGhWS+4N9SCnPV6qTkOLHqbgA
YbyQ==
X-Forwarded-Encrypted: i=2; AJvYcCVsGkN3+FxPLNxpXArW0z2pCj+F30VyJhEo8GB+LQCB/g9vdNCYBrIaSBIdJdfEBzT6FloNAhY/vp1u@gnusha.org
X-Gm-Message-State: AOJu0YwXrF85ajbyTG+jWYuiOgfFkM2cwhuye9xq0fetAM7OpkRG06N0
RXF+I3sRAUTksYjDn5uxDnCt5hI2+YUoEmr5ZaRaBagCbnGYGd+US8uA
X-Google-Smtp-Source: AGHT+IHZtvfk13julkNJ7SjEYYqkBxkusnYxG4WGCaA/hMKZ4bat9FRSRkSdy084xYvBZzpGcPv0AA==
X-Received: by 2002:a05:6870:7a0e:b0:2c2:542b:bce4 with SMTP id 586e51a60fabf-2e9bf15af97mr288751fac.8.1748986849013;
Tue, 03 Jun 2025 14:40:49 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZf6BFQELWEGU5xtpuCWO78ToHopjrmtcWjo76e6jWTgjQ==
Received: by 2002:a05:6870:1157:b0:2e8:f768:9183 with SMTP id
586e51a60fabf-2e8fe4ae3e0ls2121418fac.0.-pod-prod-02-us; Tue, 03 Jun 2025
14:40:45 -0700 (PDT)
X-Received: by 2002:a05:6808:3306:b0:3fe:b1fd:527f with SMTP id 5614622812f47-408f0e9fda7mr522355b6e.1.1748986845540;
Tue, 03 Jun 2025 14:40:45 -0700 (PDT)
Received: by 2002:a05:600c:4930:b0:442:dc76:9493 with SMTP id 5b1f17b1804b1-451ee59ec23ms5e9;
Tue, 3 Jun 2025 14:38:28 -0700 (PDT)
X-Received: by 2002:a05:600c:a49:b0:442:f482:c429 with SMTP id 5b1f17b1804b1-451f0a72994mr1959015e9.8.1748986706900;
Tue, 03 Jun 2025 14:38:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1748986706; cv=none;
d=google.com; s=arc-20240605;
b=U2umfh6Rw9K0LpVHDrjuf4DJdQSh0TVfuXU3w3AQbRyCFtf5vwx6AtOIycPb8OW7x4
acGDgHihg4txiMGFoV+v1ymxSEw1PsDQO2x+uyj7IER0c8Q5ip8gy9pLhm39/r1wZhwj
vMrG0mpghBh0bdUR35zbb3LiB6Om+8Ma539zKakJlhNm368iBqDQ+XgjECmpPiFHXlZ7
P1FOlHM1zzW8C3uhfGT+XYjgx2/KTCFcC/C5QsgdcumQfaELyCFkQd2NzJ3WoIYMcA8W
GB1F8zIhnOjyxvdLOB3jHzeJKJDVxw3b/cicDClJg/jOs2t+GsrrimZyaYhqf5Q+31+N
vD1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:cc:from:to:date:dkim-signature;
bh=rbV33oDIzu+XaoFBoBTi7j8m4Ue+0resVeSgqNNokNg=;
fh=Zedq5pd0qyqVsmfgG+8/Y9cUOZXbXVTvFM2iZX29U/g=;
b=k0jAne4aIGYcQXW7MpAn448RaRAtKbxlAfOFJ021Ns404A44mdi5i5EnkvPmZKcvqn
hnIICAmqXbs2W6FKgP42MtmlZ88NaCnrXmPbxPc98HCECxs7tV5bLMoZaiQZIUenrzG+
gTB/TT40S6PstOepNltRVhyUQGyxU5p4+qPG7C7ScGWUEuIujwqpQsPlga53RvH/LN3i
/0emv19J8sYgs3kfAMttTnxdoYH77e4hRfYgthu1HKxjXbrxKXDGVtWN2NIE8aPRHpTK
5lbsAU+hoX5XxSDjrHcPM4SVRKI2+VcdHq0YIxfuki2FyvNGoL07FF3mJG2oQ532iB2F
3xBw==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX;
spf=pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) smtp.mailfrom=lists@achow101.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
Received: from mail-10624.protonmail.ch (mail-10624.protonmail.ch. [79.135.106.24])
by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-451e505b5fdsi574105e9.0.2025.06.03.14.38.26
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 03 Jun 2025 14:38:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) client-ip=79.135.106.24;
Date: Tue, 03 Jun 2025 21:38:20 +0000
To: Nagaev Boris <bnagaev@gmail.com>
From: "'Ava Chow' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() Expressions
Message-ID: <9a25e808-1821-404c-bd47-f0ab78bca936@achow101.com>
In-Reply-To: <CAFC_Vt5z+B+F=QOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw@mail.gmail.com>
References: <08dbeffd-64ec-4ade-b297-6d2cbeb5401c@achow101.com> <CAFC_Vt5z+B+F=QOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw@mail.gmail.com>
Feedback-ID: 53660394:user:proton
X-Pm-Message-ID: f03511f6051c2c219c14bf69c6c35114bcb9efe9
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Original-Sender: lists@achow101.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX; spf=pass
(google.com: domain of lists@achow101.com designates 79.135.106.24 as
permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass
(p=REJECT sp=REJECT dis=NONE) header.from=achow101.com
X-Original-From: Ava Chow <lists@achow101.com>
Reply-To: Ava Chow <lists@achow101.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)
Hi Boris,
BIP 327 explicitly allows for duplicate participant pubkeys, so as long=20
as all signing procedures follow the BIP, everything will be fine. Also,=20
BIP 327 explicitly warns against deterministic nonces for reasons=20
unrelated to duplicate pubkeys.
Although, allowing duplicates does bring up an additional issue with the=20
MuSig2 PSBT fields as these inherently do not allow duplicate pubkeys.
Ava
On 06/03/2025 02:26 PM, Nagaev Boris wrote:
> Hi Ava,
>
> Is it safe to allow multiple participants to have the same public key?
> If deterministic nonce generation is used (deriving each participant's
> nonce from the message, the set of public keys, and the participant's
> private key), duplicate public keys would lead to identical nonces.
>
> While this may not be catastrophic (since they are signing the same
> message and the private key likely can't be extracted) it still seems
> risky. Identical nonces can have unexpected consequences, and I'm not
> sure if all security assumptions would still hold.
>
> Curious what you think.
>
> Best,
> Boris
>
> On Tue, Jun 3, 2025 at 6:08=E2=80=AFPM 'Ava Chow' via Bitcoin Development
> Mailing List <bitcoindev@googlegroups.com> wrote:
>> Hi All,
>>
>> In implementing musig() descriptor expressions, I realized that the
>> restriction "Repeated participant public keys are not allowed" is a bit
>> complicated to implement. While I don't see why anyone would want to
>> duplicate keys, MuSig2 does allow duplicate participant keys and
>> allowing them would make the implementation of musig() expressions much
>> easier. Thus I'd like to propose changing the BIP to remove this
>> restriction.
>>
>> Has anyone implemented musig() expressions yet with this restriction,
>> and would removing it be a significant breaking change to anyone? If
>> not, I'll make the change to the BIP in a few days.
>>
>> Thanks,
>>
>> Ava
>>
>>
>> --
>> You received this message because you are subscribed to the Google Group=
s "Bitcoin Development Mailing List" group.
>> To unsubscribe from this group and stop receiving emails from it, send a=
n email to bitcoindev+unsubscribe@googlegroups.com.
>> To view this discussion visit https://groups.google.com/d/msgid/bitcoind=
ev/08dbeffd-64ec-4ade-b297-6d2cbeb5401c%40achow101.com.
>
>
> --
> Best regards,
> Boris Nagaev
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
9a25e808-1821-404c-bd47-f0ab78bca936%40achow101.com.
|
