Date: Sun, 22 May 2022 22:26:08 +0000
To: Jonas Nick <jonasdnick@gmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: AdamISZ <AdamISZ@protonmail.com>
Subject: Re: [bitcoin-dev] MuSig2 BIP

Jonas,

Many thanks for getting the BIP draft out. Particularly appreciate the reference code!

I have a question about identical pubkeys (including how it relates to MuSig2* optimization):

What is the purpose of allowing this? Isn't it always the case that N equal keys combined with M non-equal keys is logically equivalent to 1+M keys? It non-trivially complicates certain aspects of the algorithm to allow it and I guess I must be missing something in my previous statement because, otherwise, isn't it pointless (and pretty unwise, considering how likely it is to come from an error)? The whole 'second key' thing in MuSig2 is a sort of icky side effect.

A valid point about this is already made in the BIP and enunciated clearly and in detail: that MuSig2 is designed to discover lying at the partial sig verify stage, so it's not really that I'm saying that what's in the BIP is logically or mathematically wrong; it just seems unwise and needlessly complex. The case of 2 keys being identical does not imply an attacker; it is far more likely to be a busted implementation by counterparties where they're accidentally using P1, P1 instead of their intended P1, P2.

I suppose the key word is 'needlessly' - is there a need for this that I'm overlooking?

Cheers,
waxwing/AdamISZ

------- Original Message -------
On Tuesday, April 5th, 2022 at 17:57, Jonas Nick via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> Tim Ruffing, Elliott Jin, and I are working on a MuSig2 BIP that we would like
> to propose to the community for discussion. The BIP is compatible with BIP340
> public keys and signatures. It supports tweaking, which allows deriving BIP32
> child keys from aggregate keys and creating BIP341 Taproot outputs with key and
> script paths. You can find the BIP draft at:
> https://github.com/jonasnick/bips/blob/musig2/bip-musig2.mediawiki
>
> The draft is in a state where it should be possible to write an implementation
> based on the BIP that passes the basic test vectors (as, e.g., demonstrated by
> [0]). The draft BIP also contains a reference implementation in python. Please
> be aware that this is only a draft and that it may still be necessary to make
> small tweaks to the algorithms and test vectors.
>
> [0] https://github.com/btcsuite/btcd/pull/1820
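
An added illustration, not part of the thread or of the BIP's reference code: a caller-side pre-check that reports repeated public keys before key aggregation, so the accidental "P1, P1 instead of P1, P2" case raised in the reply above is surfaced rather than silently aggregated. The keys are constructed placeholders (not real curve points), the function names are hypothetical, and `second_key` assumes the "second key" is the first list entry that differs from the first key.

```python
from collections import defaultdict

# Constructed placeholder keys: 33-byte strings, not valid curve points.
P1 = b"\x02" + b"\x11" * 32
P2 = b"\x02" + b"\x22" * 32
P3 = b"\x03" + b"\x33" * 32


def second_key(pubkeys):
    """Return the first key that differs from pubkeys[0], or None.

    Assumption: this mirrors the 'second key' lookup that becomes
    necessary once identical keys are allowed in the list.
    """
    for pk in pubkeys[1:]:
        if pk != pubkeys[0]:
            return pk
    return None  # every participant supplied the same key


def duplicate_positions(pubkeys):
    """Map each repeated key to the signer indices that supplied it."""
    seen = defaultdict(list)
    for index, pk in enumerate(pubkeys):
        seen[pk].append(index)
    return {pk: idx for pk, idx in seen.items() if len(idx) > 1}


def precheck(pubkeys):
    """Summarise a key list so a wallet can warn before aggregating."""
    if not pubkeys:
        raise ValueError("empty key list")
    dups = duplicate_positions(pubkeys)
    return {
        "distinct": len(set(pubkeys)),
        "duplicate_indices": sorted(dups.values()),
        "second_key": second_key(pubkeys),
    }


if __name__ == "__main__":
    for keys in ([P1, P2, P3], [P1, P1, P2], [P1, P1]):
        report = precheck(keys)
        status = "WARN: repeated key" if report["duplicate_indices"] else "ok"
        print(status, report["distinct"], report["duplicate_indices"])
```

Whether a repeated key is rejected or only logged is a policy choice for the caller; the check only makes the condition visible.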