From: Erik Aronesty
Date: Sun, 8 Jul 2018 14:23:45 -0400
To: Tim Ruffing, Bitcoin Protocol Discussion
Reply-To: erik@q32.com
Subject: Re: [bitcoin-dev] Multiparty signatures
In-Reply-To: <08201f2292587821e6d23f6cc201d95e6e5ad2cd.camel@timruffing.de>

You don't have to treat the hash as a group member for the purposes of signing.

Everything else about the algorithm works the same.

This just enables signatures to be computed much more simply.

On Sun, Jul 8, 2018, 11:32 AM Tim Ruffing via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi Erik,
>
> On Sun, 2018-07-08 at 10:19 -0400, Erik Aronesty via bitcoin-dev wrote:
> > Consider changing the "e" term in the schnorr algorithm to hash of
> > message (elligator style) to the power of r, rather than using
> > concatenation.
>
> How do you compute s = x*e if e is an element of group G?
> (Similar question: How do you verify if e is element of G?)
>
> Are you aware of
> http://cacr.uwaterloo.ca/techreports/2001/corr2001-13.ps ?
> This is a threshold signature scheme for Schnorr signatures, so what
> you want is possible already with Schnorr signatures.
>
> Best,
> Tim
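The question quoted above turns on the challenge e being a scalar, so that s = k + x*e is defined and the verifier can check s*G = R + e*P. The following is an added illustration, not code from either poster or from any Bitcoin implementation: textbook Schnorr over secp256k1 with e = H(R || m) reduced mod the group order, plus a two-signer sum showing the linearity that multiparty schemes rely on. `joint_sign` is a hypothetical helper that holds both keys in one process; it is not the threshold scheme from the cited report and omits the nonce-commitment and key-validation steps a real multi-signer protocol needs.

```python
import hashlib
import secrets

# Added illustration: secp256k1 parameters; not constant time, not for real keys.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    acc = None
    while k:  # double-and-add over the bits of k
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def challenge(R, msg):
    """e = H(R || m) mod N: an integer scalar, so x*e is well defined."""
    data = R[0].to_bytes(32, "big") + R[1].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(x, msg):
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, G)
    return R, (k + x * challenge(R, msg)) % N

def verify(pub, msg, R, s):
    # s*G == R + e*P holds exactly because s = k + x*e is linear in k and x
    return mul(s, G) == add(R, mul(challenge(R, msg), pub))

def joint_sign(x1, x2, msg):
    """Hypothetical two-signer sum: shares k_i + x_i*e add to one signature."""
    k1, k2 = (secrets.randbelow(N - 1) + 1 for _ in range(2))
    R = add(mul(k1, G), mul(k2, G))
    e = challenge(R, msg)
    return R, (k1 + x1 * e + k2 + x2 * e) % N
```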