From: Jonas Nick <jonasd.nick@gmail.com>
To: Anthony Towns <aj@erisian.com.au>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>,
Andrew Chow <lists@achow101.com>
Subject: Re: [bitcoin-dev] Proposed BIP for MuSig2 PSBT Fields
Date: Thu, 12 Oct 2023 07:43:21 +0000
Message-ID: <fd7bf294-8f5a-48fc-a415-1f1706b51434@gmail.com>
In-Reply-To: <ZSc0Luwg3rpNvkfJ@erisian.com.au>

It is true that BIP 327 ("MuSig2") does not include adaptor signatures. The
rationale behind this decision was as follows:

- the BIP is already long and complicated enough without adaptor signatures; it
  should be possible to propose a separate adaptor signature BIP on top in a
  modular fashion
- as far as I know, there's no security proof except for a hard-to-follow sketch
  that I wrote a few years ago [0]
- at the time, there seemed to be a higher demand for single-signer adaptor
  signatures

In spite of the missing specification, we added some version of adaptor
signatures to the libsecp256k1-zkp MuSig2 module in order to allow
experimentation.

As for standardizing MuSig2 adaptor signatures, it seems noteworthy that there
exist alternative designs to the implementation in the libsecp256k1-zkp module:
the current libsecp256k1-zkp PR for (single-signer) Schnorr adaptor signatures
[1] uses a slightly different API. Instead of sending the adaptor point along
with the adaptor signature, the point is extracted from an adaptor signature.
This simplifies the API and reduces communication at the cost of making batch
verification of multiple adaptor sigs impossible.

[0] https://github.com/BlockstreamResearch/scriptless-scripts/pull/24
[1] https://github.com/BlockstreamResearch/secp256k1-zkp/pull/268