From: Erik Aronesty
Date: Wed, 5 Sep 2018 08:26:14 -0400
To: apoelstra@wpsoftware.net
Cc: Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Schnorr signatures BIP

Why would you call it FUD? All the weird hemming and hawing about it is really strange to me. The more I look into it and speak to professors about it, the more it seems "so trivial nobody really talks about it".

1. Generate an M of N shared public key (done in advance of signing .... this gets you the bitcoin address)
2. Generate signature fragments (this can be done offline, with no communication between participants)

Detailed explanation with code snippets:

https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f

On Sun, Sep 2, 2018 at 8:05 PM Andrew Poelstra wrote:

> On Wed, Aug 29, 2018 at 08:09:36AM -0400, Erik Aronesty wrote:
> > Note:
> >
> > This spec cannot be used directly with a Shamir scheme to produce
> > single-round threshold multisigs, because shares of point R would need to
> > be broadcast to share participants in order to produce valid single
> > signatures.
> >
> > (R, s) schemes can still be used "online", if share participants publish
> > the R(share).... but, not sure if it matters much, this choice eliminates
> > offline multiparty signing in exchange for batch validation.
> >
>
> Please stop with this FUD. No tradeoff was made. There are no non-interactive
> Schnorr signatures.
>
>
> Andrew
>
>
> --
> Andrew Poelstra
> Mathematics Department, Blockstream
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> "A goose alone, I suppose, can know the loneliness of geese
> who can never find their peace,
> whether north or south or west or east"
> --Joanna Newsom