1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id CCE89BB6
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 8 Jul 2018 18:23:59 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com
[209.85.221.53])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2D447790
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 8 Jul 2018 18:23:59 +0000 (UTC)
Received: by mail-wr1-f53.google.com with SMTP id j33-v6so8673009wrj.5
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 08 Jul 2018 11:23:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:reply-to:from:date:message-id
:subject:to; bh=pcmX5k8ypb8AeN3CM++q09Bz8384bKJg7PZwd0pd9ME=;
b=alXRjbLj9ywLOnCkJUfux/4AswpJ4+KK5wECaqBSJJ2tVclUSZo+zEztQGzJAfH+FD
/hVWs6LHMgbwEfGeWkr3qcx/RkA5+TcNER9DICUfM4iJc7wVHXx4nNR55OifJAVE/Rbh
lQYqDW/kOR1BuN88i7BvpT94+24XxvdeC49OezLI+odRjjLi8G6xXRRVnSlj7M+bq8E8
Dy//zNZy1lcRXgzs7CdZ+iij/1YuhP1eGVZSZhlIdmg1C1MRzj4aX9aBohJWHDJbCYs/
CZMnL+nQ3pRzTSiXGPlJlf7X5gL/Fqm8gMzCuWjASgEXNpVWRQC2ALIJvhhqUM6E5kno
vZhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:reply-to
:from:date:message-id:subject:to;
bh=pcmX5k8ypb8AeN3CM++q09Bz8384bKJg7PZwd0pd9ME=;
b=IhxWDxxR2Lqqy7AMjM3j/VSiCm2u3mdAsKVexag4QReiTklHebwqUuqtCDVBDLLWRE
Jd999lGlbtUJFfnuC6FD3+nwl+VUGAA+qXvMccKa5Tk2fFKhs/mxck0+AHwzv2xGWvQr
t5IVKDaw7AYLzPzMABADsWvvUobSOi2LqxiT47/4PdVgLDVdMj1PaQDkUgo0oq7q188i
u1X8GSsRSJCjQDb6SgWZ5djdYaR1JmyP6NAEHkz7iqkkgY4VbBPts2ruP/I+eHH02tdn
qVLsaGlvtHGXwSTf2fCrcFb50TnGsX6jzv2cYkxv4EaVfgovd5lvlVMOtw7lXopVjF9z
f0cA==
X-Gm-Message-State: APt69E1c8tMIGYwtGVde744u3JWOSn+/y1uG/48YZKHjkRGfbcyZ4See
yM6q1LxAuRvLxVLrTFRmqHCfb0WrXkcyYkS4KOmx6fbdmA==
X-Google-Smtp-Source: AAOMgpex+5X+/jiCIF/KguOmgHSTk1OVMV6CZp3C7sR03Uy+KhpS2nfN/5kOadwc0t9oLjtuHWxP/5BhG3n4alSq/rw=
X-Received: by 2002:adf:fc45:: with SMTP id
e5-v6mr7604251wrs.157.1531074237623;
Sun, 08 Jul 2018 11:23:57 -0700 (PDT)
MIME-Version: 1.0
References: <CAJowKgLrSe77sqO2iB7mYboo_HW=YjO4=AFdv7L5FUi2vygMiQ@mail.gmail.com>
<08201f2292587821e6d23f6cc201d95e6e5ad2cd.camel@timruffing.de>
In-Reply-To: <08201f2292587821e6d23f6cc201d95e6e5ad2cd.camel@timruffing.de>
Reply-To: erik@q32.com
From: Erik Aronesty <earonesty@gmail.com>
Date: Sun, 8 Jul 2018 14:23:45 -0400
Message-ID: <CAJowKgL050GVKnadxHd=9qk=DdpZxs6gJ+8vYY1+7ss9tCJSBg@mail.gmail.com>
To: Tim Ruffing <crypto@timruffing.de>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="0000000000000ef3580570810029"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Mon, 09 Jul 2018 02:20:47 +0000
Subject: Re: [bitcoin-dev] Multiparty signatures
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jul 2018 18:23:59 -0000
--0000000000000ef3580570810029
Content-Type: text/plain; charset="UTF-8"
You don't have to treat the hash as a group member for the purposes of
signing.
Everything else about the algorithm works the same.
This just enables signatures to be computed much more simply.
On Sun, Jul 8, 2018, 11:32 AM Tim Ruffing via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi Erik,
>
> On Sun, 2018-07-08 at 10:19 -0400, Erik Aronesty via bitcoin-dev wrote:
> > Consider changing the "e" term in the schnorr algorithm to hash of
> > message (elligator style) to the power of r, rather than using
> > concatenation.
>
> How do you compute s = x*e if e is an element of group G?
> (Similar question: How do you verify if e is element of G?)
>
> Are you aware of
> http://cacr.uwaterloo.ca/techreports/2001/corr2001-13.ps ?
> This is a threshold signature scheme for Schnorr signatures, so what
> you want is possible already with Schnorr signatures.
>
> Best,
> Tim
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--0000000000000ef3580570810029
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">You don't have to treat the hash as a group member fo=
r the purposes of signing.<div dir=3D"auto"><br></div><div dir=3D"auto">Eve=
rything else about the algorithm works the same.<br><div dir=3D"auto"><br><=
/div><div dir=3D"auto">This just enables signatures to be computed much mor=
e simply.</div></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr">=
On Sun, Jul 8, 2018, 11:32 AM Tim Ruffing via bitcoin-dev <<a href=3D"ma=
ilto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank" rel=3D"norefe=
rrer">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></div><blockq=
uote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc =
solid;padding-left:1ex">Hi Erik,<br>
<br>
On Sun, 2018-07-08 at 10:19 -0400, Erik Aronesty via bitcoin-dev wrote:<br>
> Consider changing the "e" term in the schnorr algorithm to h=
ash of<br>
> message (elligator style) to the power of r, rather than using<br>
> concatenation.=C2=A0 <br>
<br>
How do you compute s =3D x*e if e is an element of group G?<br>
(Similar question: How do you verify if e is element of G?)<br>
<br>
Are you aware of <br>
=C2=A0<a href=3D"http://cacr.uwaterloo.ca/techreports/2001/corr2001-13.ps" =
rel=3D"noreferrer noreferrer noreferrer" target=3D"_blank">http://cacr.uwat=
erloo.ca/techreports/2001/corr2001-13.ps</a> ?<br>
This is a threshold signature scheme for Schnorr signatures, so what<br>
you want is possible already with Schnorr signatures.<br>
<br>
Best,<br>
Tim<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" rel=3D"noreferrer =
noreferrer" target=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer noreferrer noreferrer" target=3D"_blank">https://lists.li=
nuxfoundation.org/mailman/listinfo/bitcoin-dev</a><br>
</blockquote></div>
--0000000000000ef3580570810029--
|
