From: Tom Trevethan <tom@commerceblock.com>
Date: Mon, 24 Jul 2023 17:22:15 +0100
Message-ID: <CAJvkSscdAw8-Z7quKexjFk1gdXmwpKpP5Q1XEuHbHROGdMBpKg@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Blinded 2-party Musig2


Hi Jonas,

Seems you are right: for every tx, compute c from the on-chain data, and
the server can match the c to the m (tx). So there would need to be a
method for blinding the value of c.

On Mon, Jul 24, 2023 at 4:39 PM Jonas Nick <jonasdnick@gmail.com> wrote:

>  > Party 1 never learns the final value of (R,s1+s2) or m.
>
> Actually, it seems like a blinding step is missing. Assume the server (party 1)
> received some c during the signature protocol. Can't the server scan the
> blockchain for signatures, compute corresponding hashes c' = H(R||X||m) as in
> signature verification and then check c == c'? If true, then the server has the
> preimage for the c received from the client, including m.
>
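
An added illustration of the check described above and of why a blinded c defeats it; this is not code from the thread or from any Musig2 implementation. It assumes a single-signer toy Schnorr group (integers mod 2^127-1) and uses classic blind-Schnorr challenge blinding (alpha, beta) as one possible blinding method, which the thread does not specify. All function names and the sample transactions are constructed.

```python
import hashlib
import secrets

# Toy parameters for illustration only (assumption, not a real curve).
P = 2**127 - 1     # Mersenne prime modulus
N = P - 1          # exponents reduced mod P-1 (Fermat's little theorem)
G = 3

def H(R, X, m):
    """Challenge hash c = H(R||X||m), reduced into the exponent range."""
    data = b"|".join([str(R).encode(), str(X).encode(), m])
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def verify(X, m, R, s):
    return pow(G, s, P) == R * pow(X, H(R, X, m), P) % P

def server_sign(x, k, c):
    """Server side: sees only the challenge c, returns s = k + c*x."""
    return (k + c * x) % N

def unblinded_session(x, X, m):
    k = secrets.randbelow(N)
    R = pow(G, k, P)
    c = H(R, X, m)                       # client sends the on-chain challenge as-is
    return c, (m, R, server_sign(x, k, c))

def blinded_session(x, X, m):
    k = secrets.randbelow(N)
    R = pow(G, k, P)
    alpha, beta = secrets.randbelow(N), secrets.randbelow(N)
    R2 = R * pow(G, alpha, P) * pow(X, beta, P) % P   # blinded nonce that goes on-chain
    c = (H(R2, X, m) + beta) % N         # server sees c' + beta, never c' itself
    s = (server_sign(x, k, c) + alpha) % N            # client unblinds the response
    return c, (m, R2, s)

def server_scan(seen_c, X, chain):
    """The check from the thread: recompute c' per on-chain signature, compare to c."""
    return [m for (m, R, s) in chain if H(R, X, m) == seen_c]

def demo():
    x = secrets.randbelow(N)
    X = pow(G, x, P)
    c1, sig1 = unblinded_session(x, X, b"tx-A (constructed)")
    c2, sig2 = blinded_session(x, X, b"tx-B (constructed)")
    chain = [sig1, sig2]                 # both signatures end up public
    assert all(verify(X, m, R, s) for (m, R, s) in chain)
    return server_scan(c1, X, chain), server_scan(c2, X, chain)
```

`demo()` returns the matched transaction for the unblinded session and an empty list for the blinded one, although both signatures verify. Plain blind Schnorr is known to be forgeable under concurrent signing sessions (the ROS attack), so this shows only the unlinkability property.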
