1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
Return-Path: <aj@erisian.com.au>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 32E76C0032
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 11 Oct 2023 23:48:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 09BD5401A1
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 11 Oct 2023 23:48:11 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 09BD5401A1
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 37zR8Mrz9tEd
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 11 Oct 2023 23:48:09 +0000 (UTC)
Received: from cerulean.erisian.com.au (azure.erisian.com.au [172.104.61.193])
by smtp2.osuosl.org (Postfix) with ESMTPS id EE3C5400EA
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 11 Oct 2023 23:48:08 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org EE3C5400EA
Received: from aj@azure.erisian.com.au
by cerulean.erisian.com.au with esmtpsa (TLS1.3) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2)
(envelope-from <aj@erisian.com.au>)
id 1qqivq-00043h-Nr; Thu, 12 Oct 2023 09:48:05 +1000
Received: by email (sSMTP sendmail emulation); Thu, 12 Oct 2023 09:47:58 +1000
Date: Thu, 12 Oct 2023 09:47:58 +1000
From: Anthony Towns <aj@erisian.com.au>
To: Andrew Chow <lists@achow101.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <ZSc0Luwg3rpNvkfJ@erisian.com.au>
References: <c3aad7de-ec6d-407a-b33e-b52663523ef7@achow101.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c3aad7de-ec6d-407a-b33e-b52663523ef7@achow101.com>
X-Spam_score: -0.0
X-Spam_bar: /
Subject: Re: [bitcoin-dev] Proposed BIP for MuSig2 PSBT Fields
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Oct 2023 23:48:11 -0000
On Tue, Oct 10, 2023 at 10:28:37PM +0000, Andrew Chow via bitcoin-dev wrote:
> I've written up a BIP draft for MuSig2 PSBT fields. It can be viewed at
> https://github.com/achow101/bips/blob/musig2-psbt/bip-musig2-psbt.mediawiki.
I was hoping to see adaptor signature support in this; but it seems that's
also missing from BIP 327? Though libsecp256k1-zkp has implemented it:
https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/include/secp256k1_musig.h
(adaptor arg to process_nonce; adapt, and extract_adaptor functions)
https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/src/modules/musig/musig.md#atomic-swaps
I would have expected the change here to support this to be:
* an additional field to specify the adaptor, PSBT_IN_MUSIG2_PUB_ADAPTOR
(optional, 33B compressed pubkey, 32B-hash-or-omitted), that signers
have to take into account
* an additional field to specify the adaptor secret,
PSBT_IN_MUSIG2_PRIV_ADAPTOR (32B), added by a Signer role
* PartialSigAgg should check if PUB_ADAPTOR is present, and if so,
incorporate the value from PSBT_IN_MUSIG2_PRIV_ADAPTOR, failing if
that isn't present
(Note that when using adaptor signatures, signers who don't know the
adaptor secret will want to ensure that the partial signatures provided by
signers who do/might know the secret are valid. But that depends on the
protocol, and isn't something that can be automated at the PSBT level,
I think)
Seems like it would be nice to have that specified asap, so that it can
be supported by all signers?
FWIW, "participant" is typoed a bunch ("particpant") and the tables are
hard to read: you might consider putting the description as a separate
row? eg:
https://github.com/ajtowns/bips/blob/202310-table/bip-musig2-psbt.mediawiki
Cheers,
aj
|