References: <CAPg+sBj7f+=OYXuOMdNeJk3NBG67FSQSF8Xv3seFCvwxCWq69A@mail.gmail.com>
<2e620d305c86f65cbff44b5fba548dc85c118f84.camel@timruffing.de>
<20180812163734.GV499@boulet.lan>
<CAJowKg+h11YkwOo-gyWCw+87Oh-9K34LOnJ1730hhpoVR2m5sA@mail.gmail.com>
<20180903000518.GB18522@boulet.lan>
<CAJowKg+PDtEV3je_N9Ra6u3n4+ZQ3ozYapt8ivxGYYU28Qad+w@mail.gmail.com>
In-Reply-To: <CAJowKg+PDtEV3je_N9Ra6u3n4+ZQ3ozYapt8ivxGYYU28Qad+w@mail.gmail.com>
From: Gregory Maxwell <greg@xiph.org>
Date: Wed, 5 Sep 2018 15:35:14 +0000
Message-ID: <CAAS2fgT0uBGbLBOW4TxA-qCzOLwoQ1qSV-R0dMKRzPLAm_UOqQ@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Schnorr signatures BIP
On Wed, Sep 5, 2018 at 1:49 PM Erik Aronesty via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Detailed explanation with code snippets:
>
> https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-[snip]

This appears to be a repost of the broken scheme you posted about on
Bitcointalk, but then failed to respond to the response.

https://bitcointalk.org/index.php?topic=4973123.0

> The more I look into it and speak to professors about it, the more it seems "so trivial nobody really talks about it".

I think you might be falling into the trap of ignoring feedback you
don't like and accepting that which sounds like "yea yea,
something like that".

Something "like that" does work: and is expressly and explicitly
anticipated by the BIP but to be both secure and functional requires
proper delineation (e.g. musig) _and_ interaction. What you're
proposing is continually vague. My best efforts at making sense of
what you've written indicate that either it's non-interactive and
not-actually functional at all, OR it's interactive and just a less
secure subset (no proper delinearization to prevent rogue key attacks)
of what we already propose.

When Poelstra suggests a CAS implementation he means something like
this Sage notebook: http://bitcoin.ninja/secp256k1.ecdsa.sage This
provides for a method of communicating in both directions which is
completely precise.
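The distinction Maxwell draws between plain key aggregation and MuSig-style delinearization, as an added example that is not part of the thread and not the BIP's or libsecp256k1's reference code: a minimal Schnorr signature over secp256k1 in plain Python, with key aggregation both without and with MuSig's per-key coefficients a_i = H(L, X_i), where L commits to the whole key set. The curve constants are secp256k1's; the point encoding, hash layout and function names are my own assumptions, the interactive signing round is collapsed into one function, and the nonce-commitment round of real MuSig is omitted. `rogue_key_check` is the check a reviewer would want: a public key chosen relative to another signer's key cancels that key under plain summation, but not under the delinearized aggregate.

```python
"""Toy MuSig-style key aggregation on secp256k1.
Added example for illustration only; not the BIP's reference code."""
import hashlib

# secp256k1 parameters (public curve constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over F_P (handles doubling and inverses)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def point_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def encode(pt):
    """Uncompressed 64-byte encoding (assumed layout, not the BIP's x-only form)."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def hash_to_scalar(*parts):
    """Length-prefixed SHA-256 of the parts, reduced mod N."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % N


def schnorr_verify(pubkey, msg, sig):
    """Check s*G == R + e*X with e = H(R, X, msg)."""
    R, s = sig
    e = hash_to_scalar(encode(R), encode(pubkey), msg)
    return point_mul(s, G) == point_add(R, point_mul(e, pubkey))


def musig_coefficients(pubkeys):
    """Delinearization: a_i = H(L, X_i), so each coefficient depends on every key."""
    L = b"".join(encode(X) for X in sorted(pubkeys))
    return [hash_to_scalar(L, encode(X)) for X in pubkeys]


def aggregate_key(pubkeys, delinearize=True):
    """Aggregate key: sum of a_i*X_i, or a plain sum when delinearize=False."""
    coeffs = musig_coefficients(pubkeys) if delinearize else [1] * len(pubkeys)
    agg = INF
    for a, X in zip(coeffs, pubkeys):
        agg = point_add(agg, point_mul(a, X))
    return agg


def musig_sign(privkeys, msg, nonces):
    """Interactive signing collapsed into one function: each signer contributes a
    nonce share r_i and a partial signature s_i = r_i + e*a_i*x_i; the aggregate
    signature (R, sum s_i) verifies under the aggregate key. Real MuSig adds a
    nonce-commitment round before nonces are revealed; omitted here."""
    pubkeys = [point_mul(x, G) for x in privkeys]
    coeffs = musig_coefficients(pubkeys)
    agg = aggregate_key(pubkeys)
    R = INF
    for r in nonces:
        R = point_add(R, point_mul(r, G))
    e = hash_to_scalar(encode(R), encode(agg), msg)
    s = sum(r + e * a * x for r, a, x in zip(nonces, coeffs, privkeys)) % N
    return agg, (R, s)


def rogue_key_check(x1, x2):
    """Does a second key chosen as X2 = x2*G - X1 make the aggregate equal x2*G?
    Returns (plain_sum_cancels, delinearized_cancels); a sound rule gives False."""
    X1 = point_mul(x1, G)
    X2 = point_add(point_mul(x2, G), point_neg(X1))  # depends on X1, not on a secret alone
    target = point_mul(x2, G)
    return (aggregate_key([X1, X2], delinearize=False) == target,
            aggregate_key([X1, X2], delinearize=True) == target)
```

Nonces and private keys are passed in explicitly so the example is deterministic; in practice they come from a CSPRNG and the nonce exchange is preceded by the commitment round noted in the docstring. The check returns `(True, False)`: plain summation lets one key absorb the others, the hashed coefficients do not.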