path: root/9b/224667e364105ecc282e1320c8b8fbf14b0404
blob: fcc737339f84a93652fcddd2c46fcf4eb70c8fce (plain)
Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 31D51CA8
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  5 Sep 2018 12:26:32 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com [74.125.82.48])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 78B567C7
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  5 Sep 2018 12:26:31 +0000 (UTC)
Received: by mail-wm0-f48.google.com with SMTP id 207-v6so7468881wme.5
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 05 Sep 2018 05:26:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=q32-com.20150623.gappssmtp.com; s=20150623;
	h=mime-version:references:in-reply-to:from:date:message-id:subject:to
	:cc; bh=kT9I2oVcBUkNq6+a8OCtF2KDB4emqTW+/bM9ysCLPJo=;
	b=NYhLiEPaCa38EKQb9rdhv0J283ivXNG0SEungGQe7CdfmH+0SroKM4Uht72kh3d4sT
	AlV7bn98t4xvlX/ibf4JH9Ov5msi9TI3ne5mwkOaPWQftXnHNm2cvcfrF78YY85b6xdU
	qK/WzPyQECR6GeMNw/UMg00CSeg6HDfF9arYMMYOc98a19LYBSmcFeslQv51GFZKpBU2
	y6IXXN+44cmUYoO2WpBpwLRyPjEWwtw4yFTnPuIpUfmZW3SfdoisWfFlrwESX5ASLCOW
	rVQyRa16QAceefKhWmRIO3cJZGrP3m6KPpe4n89LeqE/DKpwsclwORKoAxrlCCduKlbF
	Wvnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:cc;
	bh=kT9I2oVcBUkNq6+a8OCtF2KDB4emqTW+/bM9ysCLPJo=;
	b=f6OQ+hQVfpW2t1zgEU2J8fhn8sXv9hmZd8vsEqtKNvm22sCqxQ+hKd8rqwi2MkJYbn
	4tNca5x9RmsumzTpwAvK8Vomy5AIzkbSF7268qiIwVLkjpgrMQg4gFMc4xp674G5I52V
	cmylqQbAD8oKRigPFEEzSwR1iaFpdbGv1X7yTV+QXsur9Y0HDZX0ZrjlBCk3RTXIMF/8
	g3FjUf4gXahhBVh6MLJxIGUAP1n8cf1ZtWRB1heHWvMXsJD9RCDhIuJDLMNbW2knspCr
	LhX9qOFwKE8oCFhCsaGElD3vjXg4ThnIO+pgUotLGkm8X3hOCSXwI7V/QsEL7Eal6Mn/
	Umvg==
X-Gm-Message-State: APzg51CFDcJ4UeALzxYyZ54wVRvoCu4aTEd/NqWKHA1dtFJ9oYzK3W8Y
	FaUgfmKFvaWaPUD48YXTLU7zGvhI18KFTELcsnPtNnqHpA6r
X-Google-Smtp-Source: ANB0VdY6A/crtBq0goE75QMRvPuoVKXqVxI/LBZTRQlh1rR7Npi9ciyiNX1Jh8xR06SzMY/XkBS++zU6q8RpVoJP3TQ=
X-Received: by 2002:a1c:4c0e:: with SMTP id z14-v6mr72135wmf.89.1536150389971; 
	Wed, 05 Sep 2018 05:26:29 -0700 (PDT)
MIME-Version: 1.0
References: <CAPg+sBj7f+=OYXuOMdNeJk3NBG67FSQSF8Xv3seFCvwxCWq69A@mail.gmail.com>
	<2e620d305c86f65cbff44b5fba548dc85c118f84.camel@timruffing.de>
	<20180812163734.GV499@boulet.lan>
	<CAJowKg+h11YkwOo-gyWCw+87Oh-9K34LOnJ1730hhpoVR2m5sA@mail.gmail.com>
	<20180903000518.GB18522@boulet.lan>
In-Reply-To: <20180903000518.GB18522@boulet.lan>
From: Erik Aronesty <erik@q32.com>
Date: Wed, 5 Sep 2018 08:26:14 -0400
Message-ID: <CAJowKg+PDtEV3je_N9Ra6u3n4+ZQ3ozYapt8ivxGYYU28Qad+w@mail.gmail.com>
To: apoelstra@wpsoftware.net
Content-Type: multipart/alternative; boundary="00000000000050e10105751ee29e"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 05 Sep 2018 13:44:12 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Schnorr signatures BIP
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Sep 2018 12:26:32 -0000

--00000000000050e10105751ee29e
Content-Type: text/plain; charset="UTF-8"

Why would you call it FUD? All the weird hemming and hawing about it is
really strange to me. The more I look into it and speak to professors
about it, the more it seems "so trivial nobody really talks about it".

1. Generate an M of N shared public key (done in advance of signing ....
this gets you the bitcoin address)
2. Generate signature fragments (this can be done offline, with no
communication between participants)

Detailed explanation with code snippets:

https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f



On Sun, Sep 2, 2018 at 8:05 PM Andrew Poelstra <apoelstra@wpsoftware.net>
wrote:

> On Wed, Aug 29, 2018 at 08:09:36AM -0400, Erik Aronesty wrote:
> > Note:
> >
> > This spec cannot be used directly with a Shamir scheme to produce
> > single-round threshold multisigs, because shares of point R would need to
> > be broadcast to share participants in order to produce valid single
> > signatures.
> >
> > (R, s) schemes can still be used "online", if share participants publish
> > the R(share).... but, not sure if it matters much, this choice eliminates
> > offline multiparty signing in exchange for batch validation.
> >
>
> Please stop with this FUD. No tradeoff was made. There are no
> non-interactive
> Schnorr signatures.
>
>
> Andrew
>
>
> --
> Andrew Poelstra
> Mathematics Department, Blockstream
> Email: apoelstra at wpsoftware.net
> Web:   https://www.wpsoftware.net/andrew
>
> "A goose alone, I suppose, can know the loneliness of geese
>  who can never find their peace,
>  whether north or south or west or east"
>        --Joanna Newsom
>
>

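The two numbered steps above and the quoted objection to them, worked through as an added example that is not code from this thread, from the Schnorr BIP, or from the linked Medium post. It uses the original multiplicative-group form of Schnorr over a constructed, insecure 11-bit safe prime rather than secp256k1, and a trusted dealer for the Shamir split where a deployment would use a DKG; both are simplifications chosen so the arithmetic is visible. `threshold_sign` is the interactive protocol: the partial signatures combine into a valid (R, s) only because every signer computes its challenge against the common R, which requires the nonce shares R_i to be exchanged first. `offline_fragments_sign` is the "no communication" variant, in which each signer hashes only its own R_i; its fragments commit to different challenges, so the combined signature does not verify against the shared key.

```python
import hashlib
import secrets

# Constructed toy Schnorr group, far too small to be secure: P is a safe prime,
# so the squares mod P form a subgroup of prime order Q = (P - 1) // 2.
P = 2039
Q = 1019
G = 4  # 2^2 mod P, a generator of the order-Q subgroup
assert G != 1 and pow(G, Q, P) == 1


def challenge(R, X, msg):
    """e = H(R || X || m) mod Q: the challenge binds the nonce, key and message."""
    data = f"{R}|{X}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def verify(X, msg, sig):
    """Schnorr check: g^s == R * X^e (mod P) with e derived from the combined R."""
    R, s = sig
    return pow(G, s, P) == (R * pow(X, challenge(R, X, msg), P)) % P


def shamir_split(secret, t, n):
    """Dealer-based Shamir split of `secret` in Z_Q into n shares (threshold t).
    A real deployment would replace the dealer with a DKG; this is a simplification."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}


def lagrange_at_zero(i, signers):
    """Coefficient lambda_i with sum(lambda_i * f(i)) == f(0) over the signer set."""
    num, den = 1, 1
    for j in signers:
        if j != i:
            num = (num * -j) % Q
            den = (den * (i - j)) % Q
    return (num * pow(den, -1, Q)) % Q  # modular inverse needs Python 3.8+


def reconstruct(shares, signers):
    """Recover f(0) from any t shares (used only to check the split)."""
    return sum(lagrange_at_zero(i, signers) * shares[i] for i in signers) % Q


def threshold_sign(shares, signers, X, msg):
    """Interactive t-of-n signing.  Round 1: each signer broadcasts R_i = g^k_i.
    Round 2: with the common R known, each releases s_i = k_i + e*lambda_i*x_i."""
    nonces = {i: secrets.randbelow(Q) for i in signers}
    R = 1
    for i in signers:
        R = (R * pow(G, nonces[i], P)) % P          # round 1 (all R_i exchanged)
    e = challenge(R, X, msg)                         # everyone derives the same e
    s = sum(nonces[i] + e * lagrange_at_zero(i, signers) * shares[i]
            for i in signers) % Q                    # round 2 (partial s_i summed)
    return R, s


def offline_fragments_sign(shares, signers, X, msg):
    """The 'no communication' variant: each signer hashes only its own R_i.
    The fragments commit to different challenges, so their sum does not
    satisfy g^s == R * X^e for the combined R (except by a 1-in-Q fluke)."""
    R, s = 1, 0
    for i in signers:
        k = secrets.randbelow(Q)
        R_i = pow(G, k, P)
        e_i = challenge(R_i, X, msg)                 # per-signer challenge, not the common e
        s = (s + k + e_i * lagrange_at_zero(i, signers) * shares[i]) % Q
        R = (R * R_i) % P
    return R, s


def demo(t=2, n=3, msg=b"constructed test message"):
    """Returns (interactive_verifies, offline_fragments_verify) for one run."""
    x = secrets.randbelow(Q - 1) + 1
    X = pow(G, x, P)                                 # step 1: the shared public key
    shares = shamir_split(x, t, n)
    signers = [1, 3]                                 # any t of the n participants
    return (verify(X, msg, threshold_sign(shares, signers, X, msg)),
            verify(X, msg, offline_fragments_sign(shares, signers, X, msg)))


if __name__ == "__main__":
    print(demo())  # interactive signature verifies; offline fragments do not
```

The Lagrange weighting inside `threshold_sign` is what lets any t of the n shares stand in for the full key without ever reconstructing it, so step 1 (a shared public key) is indeed cheap. What cannot be removed is the exchange of R_i before any s_i is released: the challenge e is a hash of the combined R, and a signer that does not know R cannot produce a fragment that combines with the others. A signer may precompute and commit to nonces ahead of time, but some round of communication about R per signature remains.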

--00000000000050e10105751ee29e--