From: Nagaev Boris <bnagaev@gmail.com>
To: Ava Chow <lists@achow101.com>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() Expressions
Date: Tue, 3 Jun 2025 18:26:47 -0300 [thread overview]
Message-ID: <CAFC_Vt5z+B+F=QOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw@mail.gmail.com> (raw)
In-Reply-To: <08dbeffd-64ec-4ade-b297-6d2cbeb5401c@achow101.com>
Hi Ava,
Is it safe to allow multiple participants to have the same public key?
If deterministic nonce generation is used (deriving each participant's
nonce from the message, the set of public keys, and the participant's
private key), duplicate public keys would lead to identical nonces.
While this may not be catastrophic (since they are signing the same
message and the private key likely can't be extracted) it still seems
risky. Identical nonces can have unexpected consequences, and I'm not
sure if all security assumptions would still hold.
Curious what you think.
Best,
Boris
On Tue, Jun 3, 2025 at 6:08 PM 'Ava Chow' via Bitcoin Development
Mailing List <bitcoindev@googlegroups.com> wrote:
>
> Hi All,
>
> In implementing musig() descriptor expressions, I realized that the
> restriction "Repeated participant public keys are not allowed" is a bit
> complicated to implement. While I don't see why anyone would want to
> duplicate keys, MuSig2 does allow duplicate participant keys and
> allowing them would make the implementation of musig() expressions much
> easier. Thus I'd like to propose changing the BIP to remove this
> restriction.
>
> Has anyone implemented musig() expressions yet with this restriction,
> and would removing it be a significant breaking change to anyone? If
> not, I'll make the change to the BIP in a few days.
>
> Thanks,
>
> Ava
>
>
> --
> You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/08dbeffd-64ec-4ade-b297-6d2cbeb5401c%40achow101.com.
--
Best regards,
Boris Nagaev
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAFC_Vt5z%2BB%2BF%3DQOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw%40mail.gmail.com.
next prev parent reply other threads:[~2025-06-03 21:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-03 21:07 [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() Expressions 'Ava Chow' via Bitcoin Development Mailing List
2025-06-03 21:26 ` Nagaev Boris [this message]
2025-06-03 21:38 ` 'Ava Chow' via Bitcoin Development Mailing List
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFC_Vt5z+B+F=QOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw@mail.gmail.com' \
--to=bnagaev@gmail.com \
--cc=bitcoindev@googlegroups.com \
--cc=lists@achow101.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox