From: Erik Aronesty <erik@q32.com>
Date: Wed, 26 Jul 2023 18:06:44 -0400
To: Tom Trevethan <tom@commerceblock.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Blinded 2-party Musig2

Correct. You cannot select R if it is shipped with a POP.

On Wed, Jul 26, 2023, 4:35 PM Tom Trevethan <tom@commerceblock.com> wrote:
> Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of
> knowledge of the r values used to generate each R used prevents the Wagner
> attack, no?
>
> On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick <jonasdnick@gmail.com> wrote:
>
>> None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an
>> attack on the nonces, I mentioned an attack on the challenge c) can be
>> prevented by proving knowledge of the signing key (usually known as proof of
>> possession, PoP).
>>
>