From: Ruben Somsen <rsomsen@gmail.com>
Date: Sat, 15 May 2021 22:35:37 +0200
To: vjudeu@gazeta.pl
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Sum of the keys attack on taproot

What Tim said is right. To add to that, you may also wish to read about
MuSig:
https://blockstream.com/2018/01/23/en-musig-key-aggregation-schnorr-signatures/

Cheers,
Ruben

On Sat, May 15, 2021 at 10:32 PM Tim Ruffing via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> On Sat, 2021-05-15 at 12:21 +0200, vjudeu via bitcoin-dev wrote:
>
>
> >  All that is needed is producing a signature matching the sum of the
> > public keys used in taproot, which is "(a+b-a)*G",
>
> This is simply not true.
>
> Taproot does not enable this, or any other form of "cross-input
> aggregation", i.e., spending multiple UTXOs with a single signature.
>
>
> Tim
