From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id B0B99CC1 for ; Thu, 19 Jul 2018 13:11:50 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-it0-f46.google.com (mail-it0-f46.google.com [209.85.214.46]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 895CF604 for ; Thu, 19 Jul 2018 13:11:49 +0000 (UTC) Received: by mail-it0-f46.google.com with SMTP id 188-v6so9112211ita.5 for ; Thu, 19 Jul 2018 06:11:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blockstream.io; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=VBlE93yLz7Egq+cLwb1OlFqypsGWDXH0b51cxdonUs4=; b=GlVWV9nH/iXha/oMe0bAPsR2WWtJlHjF33U12+ERZIFQ8+1ubiiU0/J3N8M7Btu1bD PYzbKThKHDRCvmSegCJZkTQpVuGmlyTTgCj+qY5HKBcpCE2jWZz3lOivQIroLGrwgbuY e0GgKkzSLnEci5lYl9zCw9ZH8y26PN3iyiio8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=VBlE93yLz7Egq+cLwb1OlFqypsGWDXH0b51cxdonUs4=; b=QNAzeVwMD1B1FmBwbmALs7IMS6DH8bGsimZhlw+3thll5HjKkI/btlO7dzh1ar/K2D o9QsgpPccCoP6SPoM+sDU0VQzPdsj1bI8aRfjTvOrW+KgJ9aGbALnI26vGiddHz9lSvs u+xTvr1a5M+uhCHclbjJMq6SU2aA6pcWEwLBa7aPjeQD7we1zCXFN57SPyee/nO48s4D XebfasHqG76iteaksKh5LhQppiWh/yEdeAZKH1n6vAtcIleQegZY+KPbws3arfWJTjnW hzoDGT0lMPcjz5nGc8rIo+p8CmVmuFsz5b7JN664mRKS7iQifhvzltdBQJAMjlX9UJfR cMiQ== X-Gm-Message-State: AOUpUlH756u7mdS1uUzf6BVBOWvhn1hxZ0WxZ7Qz+1gCjyc3HrC6qeYg xt6oDX6icf4vbprobMsPz/aQuTfydfD08ih6kT97D9q0qpI= X-Google-Smtp-Source: AAOMgpdr17444mW5hEZwK3BvupFcsfwTDhZm6l4DJZgSDpu0KZLKeYksxMRmloiufEh3VIiGor6AJh1P+C7OmTqY5Zo= X-Received: by 2002:a24:5004:: with SMTP id m4-v6mr5470505itb.38.1532005908785; Thu, 19 Jul 2018 06:11:48 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a02:6949:0:0:0:0:0 with HTTP; Thu, 19 Jul 2018 06:11:28 -0700 (PDT) In-Reply-To: References: <08201f2292587821e6d23f6cc201d95e6e5ad2cd.camel@timruffing.de> From: "Russell O'Connor" Date: Thu, 19 Jul 2018 09:11:28 -0400 Message-ID: To: Erik Aronesty , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000fccc6d057159eb83" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Multiparty signatures X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Jul 2018 13:11:50 -0000 --000000000000fccc6d057159eb83 Content-Type: text/plain; charset="UTF-8" On Thu, Jul 19, 2018 at 8:16 AM, Erik Aronesty via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > you can't birthday attack something where there's only a single variable > that you can modify. > When engaging in a multiparty signature, the attacker can more than one variable to modify. When you are party to a multi-party signature (for example, in some sort of coin-join protocol) it could be that every other participant in the multi-party signature is, in fact, the same single attacker representing themselves as multiple participants. This is how the attacker gets their hands on multiple variables. --000000000000fccc6d057159eb83 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On T= hu, Jul 19, 2018 at 8:16 AM, Erik Aronesty via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
=C2=A0you can't birthday att= ack something where there's only a single variable that you can modify.=

When engaging in a multiparty signat= ure, the attacker can more than one variable to modify.=C2=A0 When you are = party to a multi-party signature (for example, in some sort of coin-join pr= otocol) it could be that every other participant in the multi-party signatu= re is, in fact, the same single attacker representing themselves as multipl= e participants.=C2=A0 This is how the attacker gets their hands on multiple= variables.


--000000000000fccc6d057159eb83--