From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 8A5EA14DD for ; Wed, 5 Sep 2018 15:35:30 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f53.google.com (mail-vk0-f53.google.com [209.85.213.53]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 25B1A7A6 for ; Wed, 5 Sep 2018 15:35:29 +0000 (UTC) Received: by mail-vk0-f53.google.com with SMTP id 125-v6so2840332vke.11 for ; Wed, 05 Sep 2018 08:35:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ZMEG5evi7BDbV6JMLzMIeCq3XZO4edbhsk4YfPwGrCE=; b=CIL8S6nmZQYu6gfKRGmiLvNooed9OmJHqyPj/NDHM2JqnypkECUmMcfLm4PZQDxeqx W1tzpv+4JpjcjrE6Y7eKPrYCYWuAlnu//z8CSOk4habz9tJs9mEbhBOmkMwGvhZA6MBH d/bdeA/ASF1j5Da+4O3GEqTDGDO9mlZ3mQWMg5O0ORWg8vz4xkcNpUXiuFZIedgsRWZf mvS0L8dJKl5y8D0+4rWbHbjLSl2Bl8BNeHZy8YvX1CV8IxaIwKuzb6tUr3SarjwPuOwH UELOlg41fy7MYLX3Zqvlu1LLy6pUvKMnULVN7f5mhM95+V4t039FGP8ttkHGyFwjdhCA qGTA== X-Gm-Message-State: APzg51Cw0KlWUrzsVUOwBgKhkUjtm41OtDQDvRWOhH68Yu1DFqJCCJql CpHLZTK8N9IhoMyU7lLtaX21nUPsle52Gn0owWmoQ21O X-Google-Smtp-Source: ANB0VdYvJ4e7X+cBzrIRVrncH0SDUQ8/OncfUf7KkGvZcAAMHS2j0tEfqq9Q/qL5Wu/uW99gsAhZ50EJb3ab56yRsho= X-Received: by 2002:a1f:8ad3:: with SMTP id m202-v6mr18850415vkd.9.1536161728788; Wed, 05 Sep 2018 08:35:28 -0700 (PDT) MIME-Version: 1.0 References: <2e620d305c86f65cbff44b5fba548dc85c118f84.camel@timruffing.de> <20180812163734.GV499@boulet.lan> <20180903000518.GB18522@boulet.lan> In-Reply-To: From: Gregory Maxwell Date: Wed, 5 Sep 2018 15:35:14 +0000 Message-ID: To: Bitcoin Dev Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 06 Sep 2018 13:07:15 +0000 Subject: Re: [bitcoin-dev] Schnorr signatures BIP X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2018 15:35:30 -0000 On Wed, Sep 5, 2018 at 1:49 PM Erik Aronesty via bitcoin-dev wrote: > Detailed explanation with code snippets: > > https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-[snip] This appears to be a repost of the broken scheme you posted about on Bitcointalk, but then failed to respond to the response. https://bitcointalk.org/index.php?topic=4973123.0 > The more I look into it and speak to professors about i, the more it seems "so trivial nobody really talks about it". I think you might be falling into the trap of ignoring feedback you don't like and and accepting that which sounds like "yea yea, something like that". Something "like that" does work: and is expressly and explicitly anticipated by the BIP but to be both secure and functional requires proper delineation (E.g. musig) _and_ interaction. What you're proposing is continually vague. My best efforts at making sense of what you've written indicate that either it's non-interactive and not-actually functional at all, OR it's interactive and just a less secure subset (no proper delinearization to prevent rogue key attacks) of what we already propose. When Poelstra suggests a CAS implementation he means something like this Sage notebook: http://bitcoin.ninja/secp256k1.ecdsa.sage This provides for a method of communicating in both directions which is completely precise.