From: Jonas Nick <jonasdnick@gmail.com>
Date: Sun, 17 Jul 2022 20:48:11 +0000
To: Michael Folkson <michaelfolkson@protonmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP draft: Half-Aggregation of BIP-340 Signatures
To be clear, whether "half aggregation needs a new output type or not" does not
become clear in the draft BIP because it is out of scope. Half-aggregation has a
few possible applications. The draft only specifies the cryptographic scheme.
The StackExchange post you link to argues that CISA requires a new output type.
The same argument applies to half aggregating signatures across transaction
inputs (CISHA, if you will). The only difference to "full aggregation" is that
the transaction signature is a single half-aggregate signature instead of a
64-byte signature. You're right that it's possible to do batch verification of
Taproot output key spends (Schnorr signatures) and script spends (key tweaks).