From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 605BB1366 for ; Wed, 21 Mar 2018 23:28:13 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 8E65E5E4 for ; Wed, 21 Mar 2018 23:28:12 +0000 (UTC) Date: Wed, 21 Mar 2018 19:28:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1521674890; bh=uFolGca8oWqVYSI18KbElCnRcLUBmE2SR5xLW0F9BGY=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References: Feedback-ID:From; b=Obz86RFu7oo6F/HHQyDvX8fYjrfc6ha3Op1WOvzuzDg4d+Oxfz0UGT+BL8YyJe6tB E1Ev+03KzfmhU+zQb/cp47Zb3lBc1KwRN+JwcexfaWV9lTX6Uht5luXqdpX9C1XRHt ODZr9oY0t8PNJt4eaN1k/519y2mIY+jfVxSAMOJ0= To: Anthony Towns From: ZmnSCPxj@protonmail.com Reply-To: ZmnSCPxj@protonmail.com Message-ID: In-Reply-To: <20180321112119.GA6588@erisian.com.au> References: <20180321040618.GA4494@erisian.com.au> <20180321112119.GA6588@erisian.com.au> Feedback-ID: el4j0RWPRERue64lIQeq9Y2FP-mdB86tFqjmrJyEPR9VAtMovPEo9tvgA0CrTsSHJeeyPXqnoAu6DN-R04uJUg==:Ext:ProtonMail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, FROM_LOCAL_NOVOWEL, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 22 Mar 2018 01:45:31 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Soft-forks and schnorr signature aggregation X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 23:28:13 -0000 Good morning aj, =E2=80=8BSent with ProtonMail Secure Email.=E2=80=8B =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On March 21, 2018 7:21 PM, Anthony Towns wrote: > On Wed, Mar 21, 2018 at 03:53:59AM -0400, ZmnSCPxj wrote: >=20 > > Good morning aj, >=20 > Good evening Zeeman! >=20 > [pulled from the bottom of your mail] >=20 > > This way, rather than gathering signatures, we gather public keys for a= ggregate signature checking. >=20 > Sorry, I probably didn't explain it well (or at all): during the script, >=20 > you're collecting public keys and messages (ie, BIP 143 style digests) >=20 > which then go into the signing/verification algorithm to produce/check >=20 > the signature. Yes, I think this is indeed what OP_CHECK_AGG_SIG really does. What I propose is that we have two places where we aggregate public keys: o= ne at the script level, and one at the transaction level. OP_ADD_AGG_PUBKE= Y adds to the script-level aggregate, then OP_CHECK_AGG_SIG adds the script= -level aggregate to the transaction-level aggregate. Unfortunately it will not work since transaction-level aggregate (which is = actually what gets checked) is different between pre-fork and post-fork nod= es. It looks like signature aggregation is difficult to reconcile with script..= . Regards, ZmnSCPxj