Date: Wed, 26 Jul 2023 09:44:50 +0000
To: "bitcoin-dev@lists.linuxfoundation.org"
 <bitcoin-dev@lists.linuxfoundation.org>
From: moonsettler <moonsettler@protonmail.com>
Subject: [bitcoin-dev]  Blinded 2-party Musig2

Hi All,

I believe it's fairly simple to solve the blinding (sorry for the bastard notation!):

Signing:

X = X1 + X2
K1 = k1G
K2 = k2G

R = K1 + K2 + bX
e = hash(R||X||m)

e' = e + b
s = (k1 + e'*x1) + (k2 + e'*x2)
s = (k1 + k2 + b(x1 + x2)) + e(x1 + x2)

sG = (K1 + K2 + bX) + eX
sG = R + eX

Verification:

Rv = sG - eX
ev = hash(R||X||m)
e ?= ev

https://gist.github.com/moonsettler/05f5948291ba8dba63a3985b786233bb

Been trying to get a review on this for a while, please let me know if I got it wrong!

BR,
moonsettler


------- Original Message -------
On Monday, July 24th, 2023 at 5:39 PM, Jonas Nick via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:


> > Party 1 never learns the final value of (R,s1+s2) or m.
>
>
> Actually, it seems like a blinding step is missing. Assume the server (party 1)
> received some c during the signature protocol. Can't the server scan the
> blockchain for signatures, compute corresponding hashes c' = H(R||X||m) as in
> signature verification and then check c == c'? If true, then the server has the
> preimage for the c received from the client, including m.