From: Tom Trevethan <tom@commerceblock.com>
Date: Wed, 26 Jul 2023 21:35:00 +0100
Message-ID: <CAJvkSsdRCHA6pB0mMY-7SE4GbDodAR34_RMgPrhEZAAq_8O2Aw@mail.gmail.com>
To: Jonas Nick <jonasdnick@gmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Blinded 2-party Musig2

Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of
knowledge of the r values used to generate each R used prevents the Wagner
attack, no?

On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick <jonasdnick@gmail.com> wrote:

> None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an
> attack on the nonces, I mentioned an attack on the challenge c) can be
> prevented by proving knowledge of the signing key (usually known as proof of
> possession, PoP).
>
