From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 880D6E54 for ; Fri, 7 Sep 2018 08:09:57 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 395858B for ; Fri, 7 Sep 2018 08:09:56 +0000 (UTC) Received: by mail-wr1-f42.google.com with SMTP id w11-v6so14015049wrc.5 for ; Fri, 07 Sep 2018 01:09:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:references:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=1wQ8QADiYcLcDgmD4qhWUunAIUCCuaoJzzlG2fferR0=; b=oqRaMIM2ntkvKW6vLlxFJ467a7b4HrzI71hBMBNRcDU3E6XnCwgLtIG+doz4phu3wt 6m9Fjy38hbIOox88MSvJxf1MoMJkaELNXbycAbDed5OJfMsYnkGO9E+qNFaLmWA3O7Kb qmoi2gdr3yWZlQJsDwb3d/3ZL3N0WUQQNpUma2irYZ10Ymh/nYj9Wjnqc9QKTN79lGCx T/eR2gkdnd4TbvSHvxRPkO9uWuLkDKsOFQ8QIzLzEBbeEYqJTKAa+R2NHuVDiwuTtlDt PB62DCYrv5a3QxXsqCJD1hTBk+Ncr13zHZf9GtcKvM3H0OJoWTnVgqkM1CUJ1PgKwvr5 tTbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:references:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=1wQ8QADiYcLcDgmD4qhWUunAIUCCuaoJzzlG2fferR0=; b=tkV+BFp2wrIP/psXuZfSJOvAHeTMoljxQm73yA/5zZngpcEo3EwMj+jUiGTIyU92OS kvDHrN8TwGaqKx/XZhozpEGETPN3KqIx7oV9ALe4h2kuE5TkJIwDXWohpCZxXGZsZ5RK BnQj6lWZgS86RMmWvElH/LDgXMKqmIPhMtM/88hJp2Fpwx+CTcTTOdER8j57zMw1yOke rxv56w7Bmgf+RSwU9c+c97a+de2ROUf2yAInjVmcPmRS88jA3HUqyXNMhUnreUihRq0W VXKLVGnsSR9Cr8YQrCDsq9L2chi2PguH1UDX3Oa05entsHL3+IIlx0FFNFNegW3reUXf q3zQ== X-Gm-Message-State: APzg51AN6e1HuC8JVjeHoCLVACvBKb13WBBjYYKFMMod6hkvY3I8ae0L DeJEdsLLUxdEmQibb+JJQ51ycns5bUA= X-Google-Smtp-Source: ANB0VdbzMB7O5pWbNBBtMjjYOg24XGQgrQLaGxec/2g0RSeMomxvfSI4qamFzBv7lsNA/pSrxz920g== X-Received: by 2002:adf:a30a:: with SMTP id c10-v6mr5637298wrb.31.1536307794268; Fri, 07 Sep 2018 01:09:54 -0700 (PDT) Received: from [10.12.10.17] ([62.112.9.166]) by smtp.googlemail.com with ESMTPSA id 1-v6sm11574455wmf.47.2018.09.07.01.09.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 07 Sep 2018 01:09:53 -0700 (PDT) From: Jonas Nick X-Google-Original-From: Jonas Nick To: nakagat , Bitcoin Protocol Discussion References: Openpgp: preference=signencrypt Autocrypt: addr=jonasd.nick@gmail.com; prefer-encrypt=mutual; keydata= xsFNBFQ2o3oBEACv5N5WajlYk+i/4B8FmniipCB4biIKg38spMNt1EYM6RzTu+hbOrVOlJW8 fq/ih+dvlpreGxRPQlX4jr75kwoJCykd3geywTUl3KPLeJ/JRQJ8fVkine4Wr5qB5Jwo3+wt inDVooaaF32Y0HolNacXVzT1x9uwn83Bz/ifg+iGATn/e1Si3ga/ytY5wYDzFz6aUDRW8ulu DcG8ARMAgtzmi66EuyQyIWwSyoWFU8wJ98slU9LKuTu23r6HdxFuV+P2H1omJm+z8cd4QBMj I23uHst0Wx1MyTeVhZCnQAghyasA3oopwzqRf5wwECAui1oZhr59R4R1DHJjn0PeWZXBSnOo XPQ1ERjz4nQrODiIDEabD5DClPHZ1bte0tswm1aYBtD8/me9ck+SJdoH5r0DJrXCTtNl1XG1 9TTUINQe0eaQUOTakZmVaneCeSrw/pKOknkzudOCNCbmngKa2oJQOynrdsBuoigIYY+NQdot fk1nJljrBzyTh4sFktbHyA24x/hCykMX6FnIQxDnsGR+S3I+vzADBLBBMQQtZsUA+xnvPu4l 6You5SZMVhgprQy38bKybeIGxSZtmPNtBf8ouKhAUpbIfOaq6BoP4EtueXk/vyieFxXiIkbF N6b3pjhkG7wVG17HqCqeVeHz1ZAQJUPcqDQAPaelBf38RXPbeQARAQABzSJKb25hcyBOaWNr IDxqb25hc2Qubmlja0BnbWFpbC5jb20+wsF/BBMBAgApAhsDBwsJCAcDAgEGFQgCCQoLBBYC AwECHgECF4AFAlYEdT0FCQdxbEMACgkQsacOT43NA2azdhAAkylnTYtnOrXbd0IPfbTSOQN7 fBaur/z3/CvO3H26J78tyKncZ6ZTbGWjkBHbbC0Hcer00Mz+XxJnKW9tEQBPdjZ+eWpgAoNp mHyUDaeyy71H+zd+JGZwAIsg/e27TMymTrFPZc7Bc7b8CjK+iYjE2p+Q1bEDsAODqd2gAKT+ DhV36NThpllDnJAmJZuF4Vh/otMn7BTBqw9WiHBPymMPyfC/f185+XSopN7za0gPN1Fc8xBd 3JGrHTB7hi+49w3IVPs1dBLl+B46SzerlkMIpQPZ0y5WIEXae3uz8enLOI9jGIl7TQtFVFow KAZMO77advua/ih1rq1Or41oM1HJ+VovO4cI4uhCPYUAJWrSb99VzL78hl64sEu3IOTvX1p3 S1RhJkaF9cAF2Domc9SA9s22J5yKx4dqk7uqCmelnm5vPEc59fdpRjb+DhYq+5eNRBxypSXh 1ZfUzvszh20TOIgU+s3eDyJMI7G3MqZr8pKiDzmOdHYwICJP4VH/lguuwg5NT147OSorYk41 pTBhM9gT0jJl3fsqfW4axeguqfHrwyVS9bD3ZdlveA+yg+MRJkNjw6yofCYuw9iTskqXJ/7S wjPhxd4gqLxmGNUyeqXQSytQc08gHMX6w91wVXjs3oFUHiBvaXqAis2pFA7528LI46WlZ3pf h/OZDthBG7bOwU0EWVEx3gEQAMH7dVvWR+idYEe3OVDY/SVV80wjfOe1zTDTOQ+qB8D5Fin8 7v3Rpt8y0RxW3Y4Fbljoi635jhJo3/MoTHvZSes61LbnPzUjReYmIqMYprJ5HSF+IkskW9E5 P078G6wI2hxwjRXXg4y+Z+oYk3C8GBH1Ejjs2i3lmYIPACMUKDba26ZIuxkjK5OB3tZHmTOu YRJ9eP5KltSD4P6Y6ZTgDlvUpQeJa0w52A4dOQARmyKDiGJ5z+x8gSeCK3IrYWyt79et364R SWZG4pFj34fnHIcHPebwOMX6gMZdPIyKNxaTwA62gnQp5loJoJJUTsgSTSOW1Dzvjjxm/4iW M2HlS6NT0f80fSw1GnfIxSSPrx2F4Iwg8ckAWzy/EYcGr7+pHJ28AVVN4q0EG/9WvTsL9iM9 Zqbw9cI9faDTDuJfYtcxIorMgkmDF4u14GFdzSsx5loTO+/7VFZhFDLLCC1eHCzOvLjHFg+9 XpR0N7eArpDiYBWPFWBVthHtb6JuXqAWyZ+0LZZw2JGM4/gzUdFr+1FznJX1MqtlwtrAggM4 xrPlnIf4qwL6B074tr00vzr4YIzl0FUGti9Qx+xozqeO2NmKltXmfBYfBJZdnfanVHp8XMDS +z7CVKCzMkmnuyJ0QrY0jJVAxOvlwLQy363Nk5pRprrHna2R2+ZsTqf8Cw3dABEBAAHCwXwE GAEIACYWIQQ2xxo3ydmIveglCNmxpw5Pjc0DZgUCWVEx3gIbDAUJA8JnAAAKCRCxpw5Pjc0D ZgeWEACfP52WfyPUWMg8mZax834TW/RGBaUi9KQZc0tRX8lDrsD42aunTF+8va8t4/vw4Cfy kloL+5mcz9orWzp+9YVO98U0O2s76zDTxBIJC5pp8ZRoqCZbRhD2w7DBNxgazeChCmsSmADn /3ktkAztTI99I/xa/i7/PhVKn/MQJZ/vzFOwdvxaVar8W7jsWnzw43DFMVIVyWrwXeBaKVFe vBwvnltvbmNyvx8L+3W0dPP4biVsCbT6Fteki++c3XoAooCut7ld9wP0oNiYUUFMSd2rEErd QHPnaTGil/KAO2BMQEbcCXbDX7L9PX6rjonPwQIbaP3zNbuRfZj8LRKzz7ih+gOJRMPGGYX1 eMUVXwoi8EQeofLM7wmOQikXlDbVR0a3+kKj/g6yKsBFvRbtSx73DeLg2Zp4EodoUnF/0W3V JqZCWeI794kfk6NFvKKn1GLfxdyj82wiqzzCNFnYe6H4l78kGCZ7E0yg0u0M0kCjtDfBlxHJ r1FDbWf3e4yX76QwxsQwR5yiY9mpWWo6Z6XFDT2Jz6HQX7y9oJhV/cLyAMzVz3Y7BSLm9tX5 /pX1TjOC7jsEBBPYFk1XyLQ+Ip6ZT0TZx7nXNoF08GhTXFLLx7tSNzx1IE+Go0FXcA0vmYUy Ex981QeJInExpznDYCvx7pHU1PzImXcSLzWzqR8Anw== Message-ID: <80e4e9b8-0cf3-b99e-7ac3-87ebbd8bb97c@gmail.com> Date: Fri, 7 Sep 2018 08:11:56 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US-large Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 07 Sep 2018 13:46:18 +0000 Subject: Re: [bitcoin-dev] Multisignature for bip-schnorr X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Sep 2018 08:09:57 -0000 Your multisignature writeup appears to be vulnerable to key cancellation attacks because the aggregated public key is just the sum of public keys (and there is no proof of knowledge of the individual secret keys). Therefore, in a multisignature between Alice and an attacker, the attacker can choose their key to be -alice_key+attacker_key resulting in an aggregated key for which the attacker can sign alone (without requiring Alice's partial signature). The Schnorr BIP links to the MuSig paper which describes a secure key aggregation scheme. See https://eprint.iacr.org/2018/068 On 8/7/18 6:35 AM, nakagat via bitcoin-dev wrote: > Hi all, > > I wrote a multisignature procedure using bip-schnorr. > > If you have time to review and give feedback, I’d really appreciate it. > Thanks in advance! > > Multisignature > https://gist.github.com/tnakagawa/0c3bc74a9a44bd26af9b9248dfbe598b > > Original > https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#Multisignatures_and_Threshold_Signatures >