From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1E51DC0032 for ; Thu, 12 Oct 2023 07:43:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 05255416A2 for ; Thu, 12 Oct 2023 07:43:26 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 05255416A2 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=bSK7rQIR X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AfRw8jA65_Xp for ; Thu, 12 Oct 2023 07:43:25 +0000 (UTC) Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by smtp4.osuosl.org (Postfix) with ESMTPS id DEED641695 for ; Thu, 12 Oct 2023 07:43:24 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org DEED641695 Received: by mail-wm1-x32e.google.com with SMTP id 5b1f17b1804b1-406618d0991so6967875e9.2 for ; Thu, 12 Oct 2023 00:43:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697096603; x=1697701403; darn=lists.linuxfoundation.org; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=mFOZadgBj7ZmcmYSBnUzbsZaNTUkXKMpo2lUSaVMgjI=; b=bSK7rQIR3ESAKYkEckZ1PYVoK0BkdESQlgX2dxq7UDMMJS+K3dddBns7L710XLRwg4 dn6SoUNbQgUpbk3SvoT0OkY0uLUJJKZltK8sp50Xy/CTjaKFC1hUVb+FzJmfpggMkZWc YexAgu3eKu33XNJ3WMnX/VXAk2Mt77J+sjBPLmZdQ0f7e7DeGZmV3W2fxMuptpiOx/8v yjvgtHqUpIGiRlEDUD+6NUMCB87N25FjBdhIyxyAfY0LZLpVjdMJQ97v6KeaPnEFseVu SF3K7bx8osfnvjMCyRz2Bz4ESUFSdm0fsy0ppjv2mgh8/5yKi2H2fIK/6fpemEfVxXIU EFJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697096603; x=1697701403; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mFOZadgBj7ZmcmYSBnUzbsZaNTUkXKMpo2lUSaVMgjI=; b=u7nJeX3Rq06L8EyE+DjPwKdbz/ftlFz5+noHE7r5pe+rQ9UcI0Bi5NsxJ30K5XT1ih CMzznkRLmLipycxVK7I0wHMwYCWrI+ThEvmzBx+827hI14D7PhfKbkkza/74I2kFlDMG IVq4PW2M/moxPcc5lmW5rzd+0FsBUGaLLPSgxi7w4zoJP+4BceenbDL0S2tojBV5GRgj uLwZSTNcRe/o5cr9NWvtPvH6uvgzZIoAfrD79o8WTJbcR/X0kcswoa3jYHd0h5KgAB5q uFnsNtkG7Ra6c8kZNhQPgVHzgvjxDL3sF5Tasc+F3I1ssLPfp3aOshjj+fgPPWQbnG9Q dRbg== X-Gm-Message-State: AOJu0YyJpWubLQitRzal5d+bQ6tJf8wT1lWDil7nPmdrQjF7bphilHlY blqpzgvBDsZMY62vfTAYTNbNTS/szEs= X-Google-Smtp-Source: AGHT+IFFPTk0liH+493fUi+0K/jNcc+wJLUon34p6ouL6OV2LyYOVnGbAdMhTck87bNHQ5EEdHLgYQ== X-Received: by 2002:a05:600c:3652:b0:3fb:a0fc:1ba1 with SMTP id y18-20020a05600c365200b003fba0fc1ba1mr21743723wmq.35.1697096602578; Thu, 12 Oct 2023 00:43:22 -0700 (PDT) Received: from [10.11.10.42] (p54b84377.dip0.t-ipconnect.de. [84.184.67.119]) by smtp.googlemail.com with ESMTPSA id bd5-20020a05600c1f0500b004030e8ff964sm21346537wmb.34.2023.10.12.00.43.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 12 Oct 2023 00:43:22 -0700 (PDT) Sender: Jonas Nick Message-ID: Date: Thu, 12 Oct 2023 07:43:21 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Anthony Towns , Bitcoin Protocol Discussion , Andrew Chow References: From: Jonas Nick In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 12 Oct 2023 19:13:35 +0000 Subject: Re: [bitcoin-dev] Proposed BIP for MuSig2 PSBT Fields X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Oct 2023 07:43:26 -0000 It is true that BIP 327 ("MuSig2") does not include adaptor signatures. The rationale behind this decision was as follows: - the BIP is already long and complicated enough without adaptor signatures; it should be possible to propose a separate adaptor signature BIP on top in a modular fashion - as far as I know, there's no security proof except for a hard-to-follow sketch that I wrote a few years ago [0] - at the time, there seemed to be a higher demand for single-signer adaptor signatures In spite of the missing specification, we added some version of adaptor signatures to the libsecp256k1-zkp MuSig2 module in order to allow experimentation. As for standardizing MuSig2 adaptor signatures, it seems noteworthy that there exist alternative designs to the implementation in the libsecp256k1-zkp module: the current libsecp256k1-zkp PR for (single-signer) Schnorr adaptor signatures [1] uses a slightly different API. Instead of sending the adaptor point along with the adaptor signature, the point is extracted from an adaptor signature. This simplifies the API and reduces communication at the cost of making batch verification of multiple adaptor sigs impossible. [0] https://github.com/BlockstreamResearch/scriptless-scripts/pull/24 [1] https://github.com/BlockstreamResearch/secp256k1-zkp/pull/268