From: nakagat <nakagat@gmail.com>
To: jonasdnick@gmail.com
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Multisignature for bip-schnorr
Date: Wed, 12 Sep 2018 15:00:17 +0900
Message-ID: <CAHk9a9dEu9y1-trZLyTwd3vWrwrUt2SOB=zi4covG6XkOy7ZbA@mail.gmail.com>
In-Reply-To: <80e4e9b8-0cf3-b99e-7ac3-87ebbd8bb97c@gmail.com>
Hi Jonas
Thank you for your comment.
I wrote a new text.
https://gist.github.com/tnakagawa/e6cec9a89f698997dc58a09db541e1eb
If you have time, please review this.
On Fri, Sep 7, 2018 at 17:09, Jonas Nick <jonasdnick@gmail.com> wrote:
>
> Your multisignature writeup appears to be vulnerable to key cancellation
> attacks because the aggregated public key is just the sum of public keys (and
> there is no proof of knowledge of the individual secret keys). Therefore, in a
> multisignature between Alice and an attacker, the attacker can choose their key
> to be -alice_key+attacker_key resulting in an aggregated key for which the
> attacker can sign alone (without requiring Alice's partial signature). The
> Schnorr BIP links to the MuSig paper which describes a secure key aggregation
> scheme. See https://eprint.iacr.org/2018/068
>
> On 8/7/18 6:35 AM, nakagat via bitcoin-dev wrote:
> > Hi all,
> >
> > I wrote a multisignature procedure using bip-schnorr.
> >
> > If you have time to review and give feedback, I’d really appreciate it.
> > Thanks in advance!
> >
> > Multisignature
> > https://gist.github.com/tnakagawa/0c3bc74a9a44bd26af9b9248dfbe598b
> >
> > Original
> > https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#Multisignatures_and_Threshold_Signatures
> >