public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Anthony Towns <aj@erisian.com.au>
To: Andrew Chow <lists@achow101.com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Proposed BIP for MuSig2 PSBT Fields
Date: Thu, 12 Oct 2023 17:39:32 +1000	[thread overview]
Message-ID: <ZSeitCGbqX9paPro@erisian.com.au> (raw)
In-Reply-To: <5ebdc1ea-583e-472f-a7ff-6ae8976bf0fb@achow101.com>

On Wed, Oct 11, 2023 at 11:59:16PM +0000, Andrew Chow via bitcoin-dev wrote:
> On 10/11/2023 07:47 PM, Anthony Towns wrote:
> > On Tue, Oct 10, 2023 at 10:28:37PM +0000, Andrew Chow via bitcoin-dev wrote:
> >> I've written up a BIP draft for MuSig2 PSBT fields. It can be viewed at
> >> https://github.com/achow101/bips/blob/musig2-psbt/bip-musig2-psbt.mediawiki.
> > 
> > I was hoping to see adaptor signature support in this; but it seems that's
> > also missing from BIP 327?
> This is the first time I've heard of that, so it wasn't something that I 
> considered adding to the BIP. Really the goal was to just be able to use 
> BIP 327.

Yeah, makes sense.

The other related thing is anti-exfil; libwally's protocol for that
(for ecdsa sigs) is described at:

 https://wally.readthedocs.io/en/release_0.8.9/anti_exfil_protocol/
 https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/include/secp256k1_ecdsa_s2c.h

Though that would probably want to have a PSBT_IN_S2C_DATA_COMMITMENT
item provided before MUSIG2_PUB_NONCE was filled in, then PSBT_IN_S2C_DATA
and PSBT_IN_NONCE_TWEAK can be provided. (Those all need to have specific
relationships in order to be secure though)

> But that doesn't preclude a future BIP that specifies how to use adaptor 
> signatures and to have additional PSBT fields for it. It doesn't look 
> like those are mutually exclusive in any way or that the fields that 
> I've proposed wouldn't still work.

Yeah, it's just that it would be nice if musig capable signers were also
capable of handling s2c/anti-exfil and tweaks/adaptor-sigs immediately,
rather than it being a "wait for the next release" thing...

> I don't know enough about the topic to really say much on whether or how 
> such fields would work.

I think for signers who otherwise don't care about these features, the
only difference is that you add the tweak to the musig nonces before
hashing/signing, which is pretty straightforward. So I think, if it were
specced, it'd be an easy win. Definitely shouldn't be a blocker though.

Here's another idea for formatting the tables fwiw:
https://github.com/ajtowns/bips/blob/d8a90cff616d6e5839748a1b2a50d32947f30850/bip-musig2-psbt.mediawiki

Cheers,
aj



  reply	other threads:[~2023-10-12  7:39 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-10 22:28 [bitcoin-dev] Proposed BIP for MuSig2 PSBT Fields Andrew Chow
2023-10-11 23:47 ` Anthony Towns
2023-10-11 23:59   ` Andrew Chow
2023-10-12  7:39     ` Anthony Towns [this message]
2023-10-12  7:43   ` Jonas Nick

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZSeitCGbqX9paPro@erisian.com.au \
    --to=aj@erisian.com.au \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=lists@achow101.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox