1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
Return-Path: <apoelstra@wpsoftware.net>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 5472DEE5
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 14 Sep 2018 14:38:04 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail.wpsoftware.net (wpsoftware.net [96.53.77.134])
by smtp1.linuxfoundation.org (Postfix) with ESMTP id E169D102
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 14 Sep 2018 14:38:03 +0000 (UTC)
Received: from boulet.lan (boulot.lan [192.168.0.193])
by mail.wpsoftware.net (Postfix) with ESMTPSA id 08103401B3;
Fri, 14 Sep 2018 14:38:02 +0000 (UTC)
Date: Fri, 14 Sep 2018 14:38:02 +0000
From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: Erik Aronesty <erik@q32.com>
Message-ID: <20180914143802.GG18522@boulet.lan>
References: <20180903000518.GB18522@boulet.lan>
<CAJowKg+PDtEV3je_N9Ra6u3n4+ZQ3ozYapt8ivxGYYU28Qad+w@mail.gmail.com>
<CAAS2fgT0uBGbLBOW4TxA-qCzOLwoQ1qSV-R0dMKRzPLAm_UOqQ@mail.gmail.com>
<CAJowKg+-45h6vraL1PpnqfhHSbG+G40L+FD7xN+C-Dn1E6Y_Vg@mail.gmail.com>
<CAAS2fgSfdfQ2CiEabjrjspQGQufwzk84f1mzM1j_LRWqAPd8wA@mail.gmail.com>
<CAJowKgK3Pxev4pDH4xVLPvmHda8oAfq=fya4TY+_dodUJ7j9Nw@mail.gmail.com>
<CAAS2fgQOb4UJBkH=pMre=tsbAUmMNYx=4jkBawX4Rc_dKcpwZg@mail.gmail.com>
<CAJowKgK9UdavrGnKum43dx+DXe+LakHXuVU6bNhMFtEoy2U3Og@mail.gmail.com>
<20180913184649.GC18522@boulet.lan>
<CAJowKg+0uOZ5_ryFit6-GW_fEbkXwBU8m7VAAOxgZAzP_5rF8A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="saTAHnV464s+57Yq"
Content-Disposition: inline
In-Reply-To: <CAJowKg+0uOZ5_ryFit6-GW_fEbkXwBU8m7VAAOxgZAzP_5rF8A@mail.gmail.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 14 Sep 2018 15:05:25 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Schnorr signatures BIP
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Sep 2018 14:38:04 -0000
--saTAHnV464s+57Yq
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi Erik,
Sorry, you're right - I thought we mentioned m-of-n as a footnote but that =
was
actually in the earlier pre-MuSig version of our multisig paper.
Threshold signatures -are- mentioned in the BIP which started this thread, =
though.
At https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki we s=
ay
"Further, by combining Schnorr signatures with Pedersen Secret Sharing,
it is possible to obtain an interactive threshold signature scheme that
ensures that signatures can only be produced by arbitrary but predeter=
mined
sets of signers. For example, k-of-n threshold signatures can be reali=
zed
this way. Furthermore, it is possible to replace the combination of
participant keys in this scheme with MuSig, though the security of that
combination still needs analysis.=20
and this combination of MuSig and VSS is exactly what is implemented in my =
code.
Cheers
Andrew
On Thu, Sep 13, 2018 at 04:20:36PM -0400, Erik Aronesty wrote:
> The paper refers to either:
>=20
> a) building up threshold signatures via concatenation, or. implicitly -
> in Bitcoin -
> b) by indicating that of M of N are valid, and requiring a validator to
> validate one of the permutations of M that signed - as opposed to a schem=
e,
> like a polynomial function, where the threshold is built in to the system.
>=20
> Maybe there's another mechanism in there that I'm not aware of - because
> it's just too simple to mention?
>=20
> - Erik
>=20
>=20
>=20
>=20
>=20
>=20
> On Thu, Sep 13, 2018 at 2:46 PM Andrew Poelstra <apoelstra@wpsoftware.net>
> wrote:
>=20
> > On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty via bitcoin-dev
> > wrote:
> > > - Musig, by being M of M, is inherently prone to loss.
> > >
> >
> > It has always been possible to create M-of-N threshold MuSig signatures
> > for any
> > M, N with 0 < M =E2=89=A4 N. This is (a) obvious, (b) in our paper, (c)
> > implemented at
> >
> >
> > https://github.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules=
/musig/main_impl.h
> >
> > --
> > Andrew Poelstra
> > Research Director, Mathematics Department, Blockstream
> > Email: apoelstra at wpsoftware.net
> > Web: https://www.wpsoftware.net/andrew
> >
> > "Make it stop, my love; we were wrong to try
> > Never saw what we could unravel in traveling light
> > Nor how the trip debrides like a stack of slides
> > All we saw was that time is taller than space is wide"
> > --Joanna Newsom
> >
> >
--=20
Andrew Poelstra
Research Director, Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web: https://www.wpsoftware.net/andrew
"Make it stop, my love; we were wrong to try
Never saw what we could unravel in traveling light
Nor how the trip debrides like a stack of slides
All we saw was that time is taller than space is wide"
--Joanna Newsom
--saTAHnV464s+57Yq
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJbm8fJAAoJEMWI1jzkG5fBWEIH/jBmXjDblOnlppx3KUDz8YR6
8XMviWyWNxYbGdECtuPRLPy7pKXG1iDUCw9c9E3wAP+UtyIejY8GVK18F6r4aF2T
6VO3kKuceoiipilS+9gfYbHSF1LEvdcEGBR1KCdxa1IMSejUM50DY+oKf6Pb9cCn
R14GOeqHlajs8WBgVAgQ381UQn/jjMKt+yi72aJkDb6I/jlSaIEHj3IYRKbHQYSW
xyAnVl1jRt5HrLKv5m4VJkgbyWPRFXnyZLxmhUN6FkPUELKhUHrDIJTUCC+Xo5VR
BADo8zsgkudv9beQrpIYnk8u/T3mIymHev93fuRSfBBEU9P5uSt4je+4amsa3tQ=
=+koy
-----END PGP SIGNATURE-----
--saTAHnV464s+57Yq--
|
