From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id AEBAEC83 for ; Wed, 12 Sep 2018 06:00:29 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f178.google.com (mail-io0-f178.google.com [209.85.223.178]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id AB2D4102 for ; Wed, 12 Sep 2018 06:00:28 +0000 (UTC) Received: by mail-io0-f178.google.com with SMTP id q5-v6so588242iop.3 for ; Tue, 11 Sep 2018 23:00:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=qxrd85G3mxf2F41VsHRtnSVIPAiuTERruI3OnlPEDz4=; b=ecZEmLyXD+ViDRrJ7laaThy3rDXn0MnHNQBfi7puiQfYWDNE48v2CNPL762Tgme5O/ J5vL7vs1gIVl44oUWV/572PE0XLB7v/+8IbIb5psTp7h0TPjzKVlpt4stl9WcWnGA5jN 2taNp9QHDaqQRhXuyb/NlDPG27nzBPqWqFaUCyhoMcgO8dhPIN6HpBjPaT9S/JTLO+oG FRmMwLCgNIekdq7442q5PaXyHhYNqf9Lpdce3RJULRR9NNn48aT7IAh+5EmRE8OFXgJq 2PMSxpQi+b0dO1WIYl3xRNlmOs3AaH8Y2zv4hQLykM4Qu1WoEt/xA0Y71xqOmqPh+shd 9RLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=qxrd85G3mxf2F41VsHRtnSVIPAiuTERruI3OnlPEDz4=; b=C/xbfe6dTE/TrdV3XG7h3KY7wuMe+eDtR3efNKISCLOpHB++1CsV7Rw8N2Y7qt5Tio /9rs1HhA0oEL7+q8DuYmGHItGYLVPqz6wBEwrH/C9RK+COhNWmHKcnSiwN1C57np7wLi c6E0hK0H1YE8KnrydCB1eqEBXJQWCiWKUEFF36ETHIS476MbECCgxWiDx4uZEm5uNV5Q 3jGD8sTzXoIkfXwJyTu/PEMpT293nqFkqfztIePsHW7vWbH6RTk3gKqxDTyMeJqcTtrG SbhVy4GNPl8DBj3BE0uFcWtDs8jbrfYVPz+yHqcmCMH1OGPEpedWC/KDE7+QYtACgz4G IGkg== X-Gm-Message-State: APzg51BGZa/mY7p+N/rpamuVIUlW0PCJEP/aRhBrxxN1W5ZaVNkG5yL3 3OKM22CF6G35yZiZTzBSFGhAXaYtH1PByhSB2F6WKrtW X-Google-Smtp-Source: ANB0VdbMo5EMQO28996rpWl1F5VHcJIIVqkoRiIaBGxzRw0HLrmeAA3fCnyJiKLW8NZRUqIR+zUE2YLZMRI88LZuRpE= X-Received: by 2002:a6b:8b82:: with SMTP id n124-v6mr209797iod.234.1536732027857; Tue, 11 Sep 2018 23:00:27 -0700 (PDT) MIME-Version: 1.0 References: <80e4e9b8-0cf3-b99e-7ac3-87ebbd8bb97c@gmail.com> In-Reply-To: <80e4e9b8-0cf3-b99e-7ac3-87ebbd8bb97c@gmail.com> From: nakagat Date: Wed, 12 Sep 2018 15:00:17 +0900 Message-ID: To: jonasdnick@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 12 Sep 2018 13:44:20 +0000 Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] Multisignature for bip-schnorr X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2018 06:00:29 -0000 Hi Jonas Thank you for your comment. I wrote a new text. https://gist.github.com/tnakagawa/e6cec9a89f698997dc58a09db541e1eb If you have time, please review this. 2018=E5=B9=B49=E6=9C=887=E6=97=A5(=E9=87=91) 17:09 Jonas Nick : > > Your multisignature writeup appears to be vulnerable to key cancellation > attacks because the aggregated public key is just the sum of public keys = (and > there is no proof of knowledge of the individual secret keys). Therefore,= in a > multisignature between Alice and an attacker, the attacker can choose the= ir key > to be -alice_key+attacker_key resulting in an aggregated key for which th= e > attacker can sign alone (without requiring Alice's partial signature). Th= e > Schnorr BIP links to the MuSig paper which describes a secure key aggrega= tion > scheme. See https://eprint.iacr.org/2018/068 > > On 8/7/18 6:35 AM, nakagat via bitcoin-dev wrote: > > Hi all, > > > > I wrote a multisignature procedure using bip-schnorr. > > > > If you have time to review and give feedback, I=E2=80=99d really apprec= iate it. > > Thanks in advance! > > > > Multisignature > > https://gist.github.com/tnakagawa/0c3bc74a9a44bd26af9b9248dfbe598b > > > > Original > > https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#Mul= tisignatures_and_Threshold_Signatures > >