Date: Thu, 28 Jul 2022 15:58:03 +0000
To: Ali Sherief
From: Pieter Wuille
Cc: "bitcoin-dev@lists.linuxfoundation.org"
Subject: Re: [bitcoin-dev] Zero-knowledge proofs e.g. Schnorr are incompatible with address signing without compromise

------- Original Message -------
On Thursday, July 28th, 2022 at 11:51 AM, Ali Sherief wrote:

> The way I understood the BIP, was that a user can do batch recovery or single-key recovery. Can you explain how it is possible to recover a public key from a single-key signature, because a few days earlier on the BIP-notatether-messageverify thread I was told (I think it was achow) that Schnorr doesn't allow for public key recovery.

No, BIP340, in its design decisions, had the choice to either support public key recovery, or support batch validation. We chose to support batch validation for a variety of reasons. BIP340 does not in any way support key recovery.

> > > , just like BIP340).
> >
> > How so? Every taproot compatible wallet has a BIP340 implementation.
>
> I guess I made an assumption, since almost all of the wallets I have seen did not have a sign message feature, not even for legacy addresses.

I'm not talking about sign message, I'm talking about BIP340 for the purpose of transaction signing, as it's the signature scheme used in BIP341/BIP342.

My point being: for any prospective message signing feature, if the wallet supports taproot signing, they inevitably already have code to produce BIP340 signatures. If they don't support taproot signing, then message signing for it is irrelevant.

Cheers,

-- 
Pieter