From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6E64DC9E for ; Thu, 13 Sep 2018 20:20:53 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B41FC7EB for ; Thu, 13 Sep 2018 20:20:52 +0000 (UTC) Received: by mail-wm1-f43.google.com with SMTP id b19-v6so88478wme.3 for ; Thu, 13 Sep 2018 13:20:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=q32-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=va1SfLiSNWtBbQZBistDHDjxcqcnmdcF+43E35NBpvg=; b=cOTDcEvRnuco4Tly1Jpe3AjHTW/5ZjIvhVWTj/ZwU9MHMbhy5lWnh+unVKSmRg9xgE ick2rTh8zd1oExJ0A0M0vfrW6IyE2BOsRpVd3Au+4xCeF/0QTPCC89IXHyZxChJQjXKK 6UDMxenRbkQK8ADNoVzoMeh484HagxfoEekAj8Pmi1sJauY4v67DTzGexyiUfeyzTyuC JmLeDtZsVafbpQdf6Gq6N1fyeRhLwQ8nVo9IcwUISJ5qewCuj0S21/3iRJPf23qmTXD6 3g9fZ1Pxq1ZUyOHJsBiyHFs9aTtUezGVNwoObpgGSNBi28NG8xN4c1wX+4I/hLzSiCng GSbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=va1SfLiSNWtBbQZBistDHDjxcqcnmdcF+43E35NBpvg=; b=ra7mJ/LZtPY2XdOE/b5D6rsg+ysHUXFiw286F52lbk54XBxglNuD+KZ/kJC7rpKKZw ZI1lFc3hgtkT+s45fcesc4b2eUyG9Ow1Sx19cTJa5atXZDYmckHlE935OpP9X15jFTur oflFzkhWMPpQ+1iAM14CYAujP4aeRnwwDsUcQwjSXmub/M/k5V4vqIWFUr/VhX6boxrs AE11aZoRnnOQBoVE9Sffl4ycrPee7TY7fgs+a+ECoA/NEctJnATHIhYRB+7e0JRAsYem tn+172bAb75O8FqnPYTI1OZWVyOuefNpRzRxmgCiSR5vziTwPk+fvkf45gcwrwlJhKbo MWcg== X-Gm-Message-State: APzg51Dg9SO/SCNVpBpDSi7jpsp76PFQ8Dz2Ro5rYmBrG1a4YcuKFVDN Eq9JjSiXzEBdwhcmvMqSSjrM409vnAiJB+6SsfUQEMI= X-Google-Smtp-Source: ANB0VdauJsHWCjzs21wFKaOrgXG9FD1suItiYyFoiJdEWf2BNBlc78j5Ffo4dZvJdJGWrbd9mAXu92cHoam4tTHZPoI= X-Received: by 2002:a1c:90e:: with SMTP id 14-v6mr6942147wmj.130.1536870051024; Thu, 13 Sep 2018 13:20:51 -0700 (PDT) MIME-Version: 1.0 References: <20180812163734.GV499@boulet.lan> <20180903000518.GB18522@boulet.lan> <20180913184649.GC18522@boulet.lan> In-Reply-To: <20180913184649.GC18522@boulet.lan> From: Erik Aronesty Date: Thu, 13 Sep 2018 16:20:36 -0400 Message-ID: To: apoelstra@wpsoftware.net Content-Type: multipart/alternative; boundary="0000000000007515910575c67147" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,FREEMAIL_FROM,HTML_MESSAGE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 14 Sep 2018 13:50:09 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Schnorr signatures BIP X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2018 20:20:53 -0000 --0000000000007515910575c67147 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable The paper refers to either: a) building up threshold signatures via concatenation, or. implicitly - in Bitcoin - b) by indicating that of M of N are valid, and requiring a validator to validate one of the permutations of M that signed - as opposed to a scheme, like a polynomial function, where the threshold is built in to the system. Maybe there's another mechanism in there that I'm not aware of - because it's just too simple to mention? - Erik On Thu, Sep 13, 2018 at 2:46 PM Andrew Poelstra wrote: > On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty via bitcoin-dev > wrote: > > - Musig, by being M of M, is inherently prone to loss. > > > > It has always been possible to create M-of-N threshold MuSig signatures > for any > M, N with 0 < M =E2=89=A4 N. This is (a) obvious, (b) in our paper, (c) > implemented at > > > https://github.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules/m= usig/main_impl.h > > -- > Andrew Poelstra > Research Director, Mathematics Department, Blockstream > Email: apoelstra at wpsoftware.net > Web: https://www.wpsoftware.net/andrew > > "Make it stop, my love; we were wrong to try > Never saw what we could unravel in traveling light > Nor how the trip debrides like a stack of slides > All we saw was that time is taller than space is wide" > --Joanna Newsom > > --0000000000007515910575c67147 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
The paper refers to either:

= =C2=A0 a) building up threshold signatures via concatenation, or. implicitl= y - in Bitcoin -
=C2=A0 b) by indicating that of M of N are = valid, and requiring a validator to validate one of the permutations of M t= hat signed - as opposed to a scheme, like a polynomial function, where the = threshold is built in to the system.

Maybe there&#= 39;s another mechanism in there that I'm not aware of - because it'= s just too simple to mention?

- Erik






On Thu, Sep 13, 2018 at 2= :46 PM Andrew Poelstra <apoelstra@wpsoftware.net> wrote:
On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty = via bitcoin-dev wrote:
> - Musig, by being M of M, is inherently prone to loss.
>

It has always been possible to create M-of-N threshold MuSig signatures for= any
M, N with 0 < M =E2=89=A4 N. This is (a) obvious, (b) in our paper, (c) = implemented at

https://git= hub.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules/musig/main_imp= l.h

--
Andrew Poelstra
Research Director, Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web:=C2=A0 =C2=A0https://www.wpsoftware.net/andrew

"Make it stop, my love; we were wrong to try
=C2=A0Never saw what we could unravel in traveling light
=C2=A0Nor how the trip debrides like a stack of slides
=C2=A0All we saw was that time is taller than space is wide"
=C2=A0 =C2=A0 =C2=A0 =C2=A0--Joanna Newsom

--0000000000007515910575c67147--