From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 809FBE8F for ; Wed, 5 Sep 2018 13:15:13 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id C149AA8 for ; Wed, 5 Sep 2018 13:15:12 +0000 (UTC) Received: by mail-wr1-f52.google.com with SMTP id u12-v6so7621509wrr.4 for ; Wed, 05 Sep 2018 06:15:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=q32-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UjmK0CbsDua3lNifOWuSS2wBaU7c7pvBuu9D4+wCJ4U=; b=YXd1v2qswGlSgH/rCSTisfH53c1s9cz2GA8/zpFjJkIKlEG40dXXQRUlsWZMSVgmiQ JTiOKa/TGjVYDIcjovUq51e3DHRVr/GFWZP3PvChqdui934qyndDAN5LBlxNky8ZocAM DbwOoVk2WICYnTgFJfjBkOZtDkdX8EPjXSkgXYzGzHH8tUK/jyhD8XBhq2vpdedrnJqO 1qkLL+IC3HNz7ljuR0eQLt+HVh/7uhsp7tk6ig2BcmpxMiFv6bAfUQInEZZ4dueABQtL MSSAYCBOCDMxaTKrxjdmVjcMN6SrZsYZuqxc+h4bdb3R2QLQWrb3RlVtkkDhGsfT2lNA Lp9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UjmK0CbsDua3lNifOWuSS2wBaU7c7pvBuu9D4+wCJ4U=; b=J6kLvyJtpTjvLDevJbPGMR/hdeIJWyOzcUUwJ24iquEuv5dbzF4aeQSYc/ns7k03MH 0ZPXvnLODTPVLaXfrtcCA/kj3blaAZbpOVWBl9iXO1nBTUUCbOPQ1ndzrXpXDsyzuvBA tz1DYPL+hGEsCnYTE/GX4zWbKJMmifzXdymdwm9L9Zf4zQPy2NeqXcwVk8lOBiNdlW0A kljjWQa45armcVA5bcctNEbcNow2O5AJGbRrQzQ/NQKByrk5DTFirUrNENdrOdt4OKfn 7PE0xA/4spsiBvUvDGOJyDy6Tu9Mb4sUt6ztgCrwVbT9v846QBf6zjsZH5nZE7RkEoaY Fx7Q== X-Gm-Message-State: APzg51DsO3bXgXgK3ZRR2jp/gLoRGDbmBf/yXtG265Q1AftanRS8mpr4 e6QlNYAc8Q0N/Ru2dj0Fv408FkyjYI56OLB6eMM1QYA= X-Google-Smtp-Source: ANB0Vdbtg3tgd0p+WFAjlQqTkCmlahGdBhn8vFpSm6PW9JzB4zpR9gTuijGj+QIJ+kLV7/plGoiehK2ezJOPEf4WgII= X-Received: by 2002:adf:f687:: with SMTP id v7-v6mr26646117wrp.201.1536153311156; Wed, 05 Sep 2018 06:15:11 -0700 (PDT) MIME-Version: 1.0 References: <2e620d305c86f65cbff44b5fba548dc85c118f84.camel@timruffing.de> <20180812163734.GV499@boulet.lan> <20180903000518.GB18522@boulet.lan> <20180905130559.GH18522@boulet.lan> In-Reply-To: <20180905130559.GH18522@boulet.lan> From: Erik Aronesty Date: Wed, 5 Sep 2018 09:14:55 -0400 Message-ID: To: apoelstra@wpsoftware.net Content-Type: multipart/alternative; boundary="0000000000006ea41a05751f90c0" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 05 Sep 2018 13:44:12 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Schnorr signatures BIP X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2018 13:15:13 -0000 --0000000000006ea41a05751f90c0 Content-Type: text/plain; charset="UTF-8" Correct, there is an interaction step to deduce G*k, when signing, each participant has to publishes G*ki. I didn't talk about it. That doesn't break it, but you're correct, it's not non-interactive. On Wed, Sep 5, 2018 at 9:06 AM Andrew Poelstra wrote: > On Wed, Sep 05, 2018 at 08:26:14AM -0400, Erik Aronesty wrote: > > Why would you call it FUD? All the weird hemming and hawing about it is > > really strange to me. The more I look into it and speak to professors > > about i, the more it seems "so trivial nobody really talks about it". > > > > 1. Generate an M of N shared public key (done in advance of signing .... > > this gets you the bitcoin address) > > 2. Generate signature fragments (this can be done offline, with no > > communication between participants) > > > > Detailed explanation with code snippets: > > > > > https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f > > > > The hemming and hawing is because you've been repeatedly told that your > scheme doesn't work, and to please implement it in some computer algebra > system so that you can see that (or so we can see where your mistake is), > and you instead continue to post incomplete/incoherent copies of the same > thing across multiple mediums - Reddit, this list, Bitcointalk, Medium, > etc ad nauseum. > > It's distracting and offensive to people who have spent a lot of time and > energy thinking about this stuff, and more importantly it causes confusion > in the public eye. Phrasings like "weird hemming and hawing" suggest that > we don't know/don't care about some insight you have, which is not true. > This is why your posts are FUD. > > For example, in your linked post I looked at every single instance of the > character 'k' and *not one of them* defined the value 'k' from which 'R' > is derived in the signing procedure. > > > Of course there is no possible value, individual signers cannot learn 'R' > at signing time without interaction, and your whole scheme is broken. Given > the number of times you've been told this, I find it hard to believe that > this was an honest mistake. > > > > Andrew > > > > -- > Andrew Poelstra > Research Director, Mathematics Department, Blockstream > Email: apoelstra at wpsoftware.net > Web: https://www.wpsoftware.net/andrew > > "Make it stop, my love; we were wrong to try > Never saw what we could unravel in traveling light > Nor how the trip debrides like a stack of slides > All we saw was that time is taller than space is wide" > --Joanna Newsom > > --0000000000006ea41a05751f90c0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Correct, there is an interaction step to = deduce G*k, when signing, each participant has to publishes G*ki. I didn= 9;t talk about it.=C2=A0=C2=A0 That doesn't break it, but you're co= rrect, it's not non-interactive.

On Wed, Sep 5, 2018 at 9:06 AM Andrew Poelstra <= ;apoelstra@wpsoftware.net&g= t; wrote:
On Wed, Sep 05, 2018 at 0= 8:26:14AM -0400, Erik Aronesty wrote:
> Why would you call it FUD?=C2=A0 =C2=A0All the weird hemming and hawin= g about it is
> really strange to me.=C2=A0 The more I look into it and speak to profe= ssors
> about i, the more it seems "so trivial nobody really talks about = it".
>
> 1. Generate an M of N shared public key (done in advance of signing ..= ..
> this gets you the bitcoin address)
> 2. Generate signature fragments (this can be done offline, with no
> communication between participants)
>
> Detailed explanation with code snippets:
>
> https://medium.com/@si= mulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f
>

The hemming and hawing is because you've been repeatedly told that your=
scheme doesn't work, and to please implement it in some computer algebr= a
system so that you can see that (or so we can see where your mistake is), and you instead continue to post incomplete/incoherent copies of the same thing across multiple mediums - Reddit, this list, Bitcointalk, Medium,
etc ad nauseum.

It's distracting and offensive to people who have spent a lot of time a= nd
energy thinking about this stuff, and more importantly it causes confusion<= br> in the public eye. Phrasings like "weird hemming and hawing" sugg= est that
we don't know/don't care about some insight you have, which is not = true.
This is why your posts are FUD.

For example, in your linked post I looked at every single instance of the character 'k' and *not one of them* defined the value 'k' f= rom which 'R'
is derived in the signing procedure.


Of course there is no possible value, individual signers cannot learn '= R'
at signing time without interaction, and your whole scheme is broken. Given=
the number of times you've been told this, I find it hard to believe th= at
this was an honest mistake.



Andrew



--
Andrew Poelstra
Research Director, Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web:=C2=A0 =C2=A0https://www.wpsoftware.net/andrew

"Make it stop, my love; we were wrong to try
=C2=A0Never saw what we could unravel in traveling light
=C2=A0Nor how the trip debrides like a stack of slides
=C2=A0All we saw was that time is taller than space is wide"
=C2=A0 =C2=A0 =C2=A0 =C2=A0--Joanna Newsom

--0000000000006ea41a05751f90c0--