From: Pieter Wuille <pieter.wuille@gmail.com>
Date: Sun, 8 Jul 2018 21:39:56 -0700
Message-ID: <CAPg+sBizrx20XShpeZRvZd4bfq1=E+MFUDmSC9X-xK1CSbV5kQ@mail.gmail.com>
To: Erik Aronesty <erik@q32.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Multiparty signatures

On Sun, Jul 8, 2018, 21:29 Erik Aronesty <erik@q32.com> wrote:

> Because it's non-interactive, this construction can produce multisig
> signatures offline. Each device produces a signature using its own
> k-share and x-share. It's only necessary to interpolate M of n shares.
>
> There are no round trips.
>
> The security is Shamir + discrete log.
>
> It's just something I've been tinkering with and I can't see an obvious
> problem.
>
> It's basically the same as Schnorr, but you use a threshold hash to fix
> the need to be online.
>
> Just seems more useful to me.
>

That sounds very useful if true, but I don't think we should include novel
cryptography in Bitcoin based on your not seeing an obvious problem with it.

I'm looking forward to seeing a more complete writeup though.

Cheers,

-- 
Pieter
