From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 73F3DC0032 for ; Wed, 26 Jul 2023 09:45:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 491CC4038D for ; Wed, 26 Jul 2023 09:45:12 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 491CC4038D Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=CBNjx1sp X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.799 X-Spam-Level: X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A-UobSyZDMyY for ; Wed, 26 Jul 2023 09:45:11 +0000 (UTC) X-Greylist: delayed 36590 seconds by postgrey-1.37 at util1.osuosl.org; Wed, 26 Jul 2023 09:45:11 UTC DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 4BD6B4012D Received: from mail-0201.mail-europe.com (mail-0201.mail-europe.com [51.77.79.158]) by smtp2.osuosl.org (Postfix) with ESMTPS id 4BD6B4012D for ; Wed, 26 Jul 2023 09:45:11 +0000 (UTC) Date: Wed, 26 Jul 2023 09:44:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1690364694; x=1690623894; bh=FpM2lWmFl3wmyupuiZXYKnRPeTnxRswB82Ie0zVtcIs=; h=Date:To:From:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=CBNjx1sp4Rvkk5+614w4Qm7ydwwfcXgieIvd4ADXFVwMPm8yoYgiJy4OZZPrFKiKR 0PCOaT7k5BKtjobRNup9XHtQW7E3CkHpCl05Ldh8EWfhsOidBbXOVi9iU0rlLLkNy7 xy72TUyEI1oYxQw4rO1ogu1EBKuntBfEcdwbJHiqvT1GxgvwFDH4uCsiZPJ5VcLA2d wFfRtW4Z69QTyrnEs+tQmib+zyipG4oZltqiy1DFdXt63cBf+QBNiOLSzvfg1iTaQJ IXJ8qQ9NW0ev0ED0ONXToo+GSVGpfWCmfiYoV4cGRScNkqlz4tbW2Un3pjYtf5nncT Xk+zHiI3fj7Xg== To: "bitcoin-dev@lists.linuxfoundation.org" From: moonsettler Message-ID: In-Reply-To: References: Feedback-ID: 38540639:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Wed, 26 Jul 2023 14:32:46 +0000 Subject: [bitcoin-dev] Blinded 2-party Musig2 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2023 09:45:12 -0000 Hi All, I believe it's fairly simple to solve the blinding (sorry for the bastard n= otation!): Signing: X =3D X1 + X2 K1 =3D k1G K2 =3D k2G R =3D K1 + K2 + bX e =3D hash(R||X||m) e' =3D e + b s =3D (k1 + e'*x1) + (k2 + e'*x2) s =3D (k1 + k2 + b(x1 + x2)) + e(x1 + x2) sG =3D (K1 + K2 + bX) + eX sG =3D R + eX Verification: Rv =3D sG - eX ev =3D hash(R||X||m) e ?=3D ev https://gist.github.com/moonsettler/05f5948291ba8dba63a3985b786233bb Been trying to get a review on this for a while, please let me know if I go= t it wrong! BR, moonsettler ------- Original Message ------- On Monday, July 24th, 2023 at 5:39 PM, Jonas Nick via bitcoin-dev wrote: > > Party 1 never learns the final value of (R,s1+s2) or m. >=20 >=20 > Actually, it seems like a blinding step is missing. Assume the server (pa= rty 1) > received some c during the signature protocol. Can't the server scan the > blockchain for signatures, compute corresponding hashes c' =3D H(R||X||m)= as in > signature verification and then check c =3D=3D c'? If true, then the serv= er has the > preimage for the c received from the client, including m. > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev