From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 03 Jun 2025 14:40:55 -0700 Received: from mail-oa1-f56.google.com ([209.85.160.56]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1uMZNP-0001mj-1g for bitcoindev@gnusha.org; Tue, 03 Jun 2025 14:40:55 -0700 Received: by mail-oa1-f56.google.com with SMTP id 586e51a60fabf-2e901debe9fsf2036391fac.1 for ; Tue, 03 Jun 2025 14:40:54 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1748986849; cv=pass; d=google.com; s=arc-20240605; b=iu2gP10tg8sda5UWjvH1wVa4P4Iqekt6fwZttLd2VTA0wpVzuSttf0uq+vRZ7CBlje dvG3TGMudSE+U6VMmMKP+qe5MeWitrSPd7LyqR5nyUvvVMLIcbzGthFRB8ZotqcnpJuD nKMLu1mvZafRVYxXNht/3uirKjSCqo3GLD/7f5qMdGGBozuTMsOvDjpJa9bTxIyqh/F3 Rb3r1CxGoDkcoN/OERyFgtMCiq6ef+gicBOrFgaocCFqcKZXGUKjdNb+z5ENrApybYn4 1pyBPyk4/EW1jo2MqA52QbTU8vyiq0ELQHj22dDP0BQgp+sO+6AYpOdBrb07dQSoLiEl dNwQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:content-transfer-encoding :mime-version:feedback-id:references:in-reply-to:message-id:subject :cc:from:to:date:dkim-signature; bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=; fh=BEcRhtwrlVhf5+OhI7SU6Lc4EE5gL1tiGtvuKAYLTf0=; b=OJSM7Iqr1XFhQTDo9GU6ngyjW3dpcOJlj9F96VpZdBLtBTS9BpU5r3jaLiQjb4wnOj jMR+SEOgkzeU1v00QVZUWjkyBku+Pa7ZOujnJ8/EbHAuoWTJrfbKG5IhfdW3MZBn8224 y5SAAdadb+KmTVREVQauRPFwvQdT9jtzsAJYbUuOFIjUOIeG6VsAjIabaA+oxpI1gD/i iJ9lPPQ9+z/+rzxgsyVkrPZAOt6M+3G2SXvc9oHMlILaI1gr9QL9M1vtIOoC3d6FDJir RQa5Bga0pO3sIwNMUBE46L6Pj6TUlcMTzLB6jpW1oXZHI4IuH55uZ+IXHkPk2bcf80Lk 7owQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX; spf=pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1748986849; x=1749591649; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender :content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:cc:from:to:date:from:to:cc:subject :date:message-id:reply-to; bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=; b=VcHE/1A82CIwCHORoblg4O470yEmqwb7SPcuBTrM8VTer8EFCaM+9a1MoO7Ie31cHq PO2k/+LI6N8IeN2ESUEoy26tvkNtljEuRj4PDBZLPINtFysfKwdDjyAcy6flhmvSrMbh bcRTAvuGtBR+1GpIOi4ICh7gRwUxwqaENUkqcegAISe0vKrpbJt9kTHu6pLejg/eYW5O MzfBCHqPzTJuDC+f2pnKP1i/N9csqRY8EScWIdU2rEomYLRh43JmQ5CT7IonXT5DOsng gCObdOWJUGzIj36r8yOQZpizjloJqxpPW4NaV0uGFkLHy2xKtxOSDCu1uhi01bP6OWAl UIlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748986849; x=1749591649; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender :content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:cc:from:to:date:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ipAoXoEk+BY08hRGz7CCjScQqP5ya7trh1SDb41GS8A=; b=GwMFCI485Dgt3ZgKDHV6Ua0KyR9nm5FJlCqxJyieOw1JO5rRFIWTx/uRk4YAggdNBV +jBCQf/b4hxT+oRtjsXFtAseMRpkrUgq7b9nSEnq7dbxvKhIlsX6iLnAew080/MU9hsx /7avsYsJqz+8h5jJLY4HYLYvo/gnHCmCPGhR5oFRrnjfolXZFdKdbmQmcF5XqGzxXMBk nWVyLxgKzx1YpUR7Fg9GtEKgXZkynrC3ZtG7yaIkdzQKxM56/qFVrfPldOlfJU4pPyCd jUcfgmG7FYmTcE3h2W3HGSM7qmld257gU9iGV6Rt5p4EGhWS+4N9SCnPV6qTkOLHqbgA YbyQ== X-Forwarded-Encrypted: i=2; AJvYcCVsGkN3+FxPLNxpXArW0z2pCj+F30VyJhEo8GB+LQCB/g9vdNCYBrIaSBIdJdfEBzT6FloNAhY/vp1u@gnusha.org X-Gm-Message-State: AOJu0YwXrF85ajbyTG+jWYuiOgfFkM2cwhuye9xq0fetAM7OpkRG06N0 RXF+I3sRAUTksYjDn5uxDnCt5hI2+YUoEmr5ZaRaBagCbnGYGd+US8uA X-Google-Smtp-Source: AGHT+IHZtvfk13julkNJ7SjEYYqkBxkusnYxG4WGCaA/hMKZ4bat9FRSRkSdy084xYvBZzpGcPv0AA== X-Received: by 2002:a05:6870:7a0e:b0:2c2:542b:bce4 with SMTP id 586e51a60fabf-2e9bf15af97mr288751fac.8.1748986849013; Tue, 03 Jun 2025 14:40:49 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZf6BFQELWEGU5xtpuCWO78ToHopjrmtcWjo76e6jWTgjQ== Received: by 2002:a05:6870:1157:b0:2e8:f768:9183 with SMTP id 586e51a60fabf-2e8fe4ae3e0ls2121418fac.0.-pod-prod-02-us; Tue, 03 Jun 2025 14:40:45 -0700 (PDT) X-Received: by 2002:a05:6808:3306:b0:3fe:b1fd:527f with SMTP id 5614622812f47-408f0e9fda7mr522355b6e.1.1748986845540; Tue, 03 Jun 2025 14:40:45 -0700 (PDT) Received: by 2002:a05:600c:4930:b0:442:dc76:9493 with SMTP id 5b1f17b1804b1-451ee59ec23ms5e9; Tue, 3 Jun 2025 14:38:28 -0700 (PDT) X-Received: by 2002:a05:600c:a49:b0:442:f482:c429 with SMTP id 5b1f17b1804b1-451f0a72994mr1959015e9.8.1748986706900; Tue, 03 Jun 2025 14:38:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1748986706; cv=none; d=google.com; s=arc-20240605; b=U2umfh6Rw9K0LpVHDrjuf4DJdQSh0TVfuXU3w3AQbRyCFtf5vwx6AtOIycPb8OW7x4 acGDgHihg4txiMGFoV+v1ymxSEw1PsDQO2x+uyj7IER0c8Q5ip8gy9pLhm39/r1wZhwj vMrG0mpghBh0bdUR35zbb3LiB6Om+8Ma539zKakJlhNm368iBqDQ+XgjECmpPiFHXlZ7 P1FOlHM1zzW8C3uhfGT+XYjgx2/KTCFcC/C5QsgdcumQfaELyCFkQd2NzJ3WoIYMcA8W GB1F8zIhnOjyxvdLOB3jHzeJKJDVxw3b/cicDClJg/jOs2t+GsrrimZyaYhqf5Q+31+N vD1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:cc:from:to:date:dkim-signature; bh=rbV33oDIzu+XaoFBoBTi7j8m4Ue+0resVeSgqNNokNg=; fh=Zedq5pd0qyqVsmfgG+8/Y9cUOZXbXVTvFM2iZX29U/g=; b=k0jAne4aIGYcQXW7MpAn448RaRAtKbxlAfOFJ021Ns404A44mdi5i5EnkvPmZKcvqn hnIICAmqXbs2W6FKgP42MtmlZ88NaCnrXmPbxPc98HCECxs7tV5bLMoZaiQZIUenrzG+ gTB/TT40S6PstOepNltRVhyUQGyxU5p4+qPG7C7ScGWUEuIujwqpQsPlga53RvH/LN3i /0emv19J8sYgs3kfAMttTnxdoYH77e4hRfYgthu1HKxjXbrxKXDGVtWN2NIE8aPRHpTK 5lbsAU+hoX5XxSDjrHcPM4SVRKI2+VcdHq0YIxfuki2FyvNGoL07FF3mJG2oQ532iB2F 3xBw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX; spf=pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com Received: from mail-10624.protonmail.ch (mail-10624.protonmail.ch. [79.135.106.24]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-451e505b5fdsi574105e9.0.2025.06.03.14.38.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Jun 2025 14:38:26 -0700 (PDT) Received-SPF: pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) client-ip=79.135.106.24; Date: Tue, 03 Jun 2025 21:38:20 +0000 To: Nagaev Boris From: "'Ava Chow' via Bitcoin Development Mailing List" Cc: bitcoindev@googlegroups.com Subject: Re: [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() Expressions Message-ID: <9a25e808-1821-404c-bd47-f0ab78bca936@achow101.com> In-Reply-To: References: <08dbeffd-64ec-4ade-b297-6d2cbeb5401c@achow101.com> Feedback-ID: 53660394:user:proton X-Pm-Message-ID: f03511f6051c2c219c14bf69c6c35114bcb9efe9 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Original-Sender: lists@achow101.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@achow101.com header.s=protonmail2 header.b=EiCN+vuX; spf=pass (google.com: domain of lists@achow101.com designates 79.135.106.24 as permitted sender) smtp.mailfrom=lists@achow101.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=achow101.com X-Original-From: Ava Chow Reply-To: Ava Chow Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -1.0 (-) Hi Boris, BIP 327 explicitly allows for duplicate participant pubkeys, so as long=20 as all signing procedures follow the BIP, everything will be fine. Also,=20 BIP 327 explicitly warns against deterministic nonces for reasons=20 unrelated to duplicate pubkeys. Although, allowing duplicates does bring up an additional issue with the=20 MuSig2 PSBT fields as these inherently do not allow duplicate pubkeys. Ava On 06/03/2025 02:26 PM, Nagaev Boris wrote: > Hi Ava, > > Is it safe to allow multiple participants to have the same public key? > If deterministic nonce generation is used (deriving each participant's > nonce from the message, the set of public keys, and the participant's > private key), duplicate public keys would lead to identical nonces. > > While this may not be catastrophic (since they are signing the same > message and the private key likely can't be extracted) it still seems > risky. Identical nonces can have unexpected consequences, and I'm not > sure if all security assumptions would still hold. > > Curious what you think. > > Best, > Boris > > On Tue, Jun 3, 2025 at 6:08=E2=80=AFPM 'Ava Chow' via Bitcoin Development > Mailing List wrote: >> Hi All, >> >> In implementing musig() descriptor expressions, I realized that the >> restriction "Repeated participant public keys are not allowed" is a bit >> complicated to implement. While I don't see why anyone would want to >> duplicate keys, MuSig2 does allow duplicate participant keys and >> allowing them would make the implementation of musig() expressions much >> easier. Thus I'd like to propose changing the BIP to remove this >> restriction. >> >> Has anyone implemented musig() expressions yet with this restriction, >> and would removing it be a significant breaking change to anyone? If >> not, I'll make the change to the BIP in a few days. >> >> Thanks, >> >> Ava >> >> >> -- >> You received this message because you are subscribed to the Google Group= s "Bitcoin Development Mailing List" group. >> To unsubscribe from this group and stop receiving emails from it, send a= n email to bitcoindev+unsubscribe@googlegroups.com. >> To view this discussion visit https://groups.google.com/d/msgid/bitcoind= ev/08dbeffd-64ec-4ade-b297-6d2cbeb5401c%40achow101.com. > > > -- > Best regards, > Boris Nagaev --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= 9a25e808-1821-404c-bd47-f0ab78bca936%40achow101.com.