Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id B57D8C000B for ; Fri, 18 Feb 2022 13:54:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id B14874014D for ; Fri, 18 Feb 2022 13:54:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp2.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C4v81HZJoTuB for ; Fri, 18 Feb 2022 13:54:11 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) by smtp2.osuosl.org (Postfix) with ESMTPS id 448A940110 for ; Fri, 18 Feb 2022 13:54:11 +0000 (UTC) Received: by mail-wr1-x436.google.com with SMTP id u1so14708255wrg.11 for ; Fri, 18 Feb 2022 05:54:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:date:mime-version:user-agent:subject :content-language:to:references:in-reply-to :content-transfer-encoding; bh=Anh1N5cpYfEJNbWRgOCEKiZc/pSOjPYWqSpqPpKe5rA=; b=P1Ow8oFg/Hs1GoN6BaTYOzJyUzB52kqFdRAJe+VpmNBGvGUh0XPFUT9K40bIFcwr4D jICxQXR9Pfj3Cnog7GUCiG8BvsgNun4ws7dTF9r1qc++X/I+WdfXlphKKujPSL+XNK6R tgL7lo4i+MzvsIKrj6JwGy65+HGpfZCwcG8fVdX615gjy3UGsydRuzuRmcoazlfJwTBM Hr1Yi0u4a2eV3g23rhRVX1p4jb0nlHERldZ6f9pyjTwlRoE647wIIyuLZnRT0ebeGAgi VP25WRG5BDdjooYxTiVgCgQpg8u8nA/leskdnt3/fpy12+1Gf7q7VDhEwN5WmzLOK57N joDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:date:mime-version:user-agent :subject:content-language:to:references:in-reply-to :content-transfer-encoding; bh=Anh1N5cpYfEJNbWRgOCEKiZc/pSOjPYWqSpqPpKe5rA=; b=7nf1F6vQmCky3QtftnhXHh+J2YAus9v+3GsuzSz7YdXSo1W2HtdCzI+cOflirKnoMc fR2lNyoEX86Dsj0wMckOPmHHYBesaIzs0477S3z5eIPfD5VYJqPRPe1+g2a4BQzJZ+ce N1GAbEcROFYAKVGZNimd7J9UAr9wL6V85oDg8Aog39dJpyTXjRfKRxfxT/PiDheZVAJC g3or9WDWbYMaqxdPU/1vTEuFlZrnGnaT+ppBuMaS+rO/cSakraQJvmi347JBgSc4IOAI Pn4Q2madn+TKhz7iTeO5zHgFjJbrthbDe1/ahYC+gG4fYI9tpSow7yc8kB9VTUYG5TjQ 6X8Q== X-Gm-Message-State: AOAM5330RPURH3m8EcSNE3TH6P28b4XjlCEK3vVfe9GhmRq9QVGTT7GE jdAN6hZ/J0GuMnMOqUyl3H8= X-Google-Smtp-Source: ABdhPJxujUDNdHiDhG/kkqHE0ZsSXrL0LyRZEFKnbyXMwGJpLU9/fRtTxe0mdzYbHzpyXVUWe8k9sQ== X-Received: by 2002:a5d:6145:0:b0:1e3:169c:197c with SMTP id y5-20020a5d6145000000b001e3169c197cmr6034586wrt.611.1645192449397; Fri, 18 Feb 2022 05:54:09 -0800 (PST) Received: from [10.12.10.3] (190-2-132-141.hosted-by-worldstream.net. [190.2.132.141]) by smtp.googlemail.com with ESMTPSA id o20sm5138343wmq.21.2022.02.18.05.54.08 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 18 Feb 2022 05:54:08 -0800 (PST) From: Jonas Nick X-Google-Original-From: Jonas Nick Message-ID: <4adf8c88-eebd-8fd3-21af-fa059ca9d911@gmail.com> Date: Fri, 18 Feb 2022 13:55:31 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-US-large To: ZmnSCPxj , Bitcoin Protocol Discussion References: <6nZ-SkxvJLrOCOIdUtLOsdnl94DoX_NHY0uwZ7sw78t24FQ33QJlJU95W7Sk1ja5EFic5a3yql14MLmSAYFZvLGBS4lDUJfr8ut9hdB7GD4=@protonmail.com> In-Reply-To: <6nZ-SkxvJLrOCOIdUtLOsdnl94DoX_NHY0uwZ7sw78t24FQ33QJlJU95W7Sk1ja5EFic5a3yql14MLmSAYFZvLGBS4lDUJfr8ut9hdB7GD4=@protonmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Fri, 18 Feb 2022 13:55:08 +0000 Subject: Re: [bitcoin-dev] `OP_EVICT`: An Alternative to `OP_TAPLEAFUPDATEVERIFY` X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Feb 2022 13:54:12 -0000 On the topic of half aggregation, Chalkias et al. gave a convincing security proof last year: https://eprint.iacr.org/2021/350 As an aside, half aggregation is not exactly the scheme in the OP because that one is insecure. This does not affect Zmn's conclusion and was already pointed out in the original half aggregation thread: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014306.html It is required that each of the "s"-values are multiplied with a different unpredictable value, for example like this: https://github.com/ElementsProject/cross-input-aggregation/blob/master/slides/2021-Q2-halfagg-impl.org#schnorr-signature-half-aggregation-1