Return-Path: <tom@commerceblock.com> Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 17EDFC0032 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 26 Jul 2023 20:35:15 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id DEC7141D75 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 26 Jul 2023 20:35:14 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org DEC7141D75 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=commerceblock-com.20221208.gappssmtp.com header.i=@commerceblock-com.20221208.gappssmtp.com header.a=rsa-sha256 header.s=20221208 header.b=zaSdqFO1 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uX6dWKt2cBcx for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 26 Jul 2023 20:35:14 +0000 (UTC) Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by smtp4.osuosl.org (Postfix) with ESMTPS id A8F0E40135 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 26 Jul 2023 20:35:13 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org A8F0E40135 Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-5221b90f763so240773a12.0 for <bitcoin-dev@lists.linuxfoundation.org>; Wed, 26 Jul 2023 13:35:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=commerceblock-com.20221208.gappssmtp.com; s=20221208; t=1690403711; x=1691008511; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CaJq6oiQu+KTSogQiXxvizfccsgPq4SXorrzbr4e79o=; b=zaSdqFO1SbDksKJx7W4sn3ZV83Pa9dlB2Jr9RfT2fDhFtu/huteQUbgO1iAWH6unLq 8dYDEuP86Y9a0yLSLZo5C+AKQJBKRCshpC5eaTBXV9BZWiEmlV0aK/hps0xK7XHAtrsk bSyTq9xZt3kQ/wlcHuk78DnT0MHeahYT+snkj3jvAs0ZMlSMw87qbr4tj4kyAIfnorEp KehR79YdvaBcRqWfdsxQDYtHeTX+Uf2HBtOINuNOSZEbybOu9vrrQIj5073CrVXjOMn1 lo3DE+/COb4X3bHAEos59P1AAAJD7y/KJq/TN5K9wFPL9wy2HRkCGpdElqG6YAoimgg2 N6Mg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690403711; x=1691008511; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CaJq6oiQu+KTSogQiXxvizfccsgPq4SXorrzbr4e79o=; b=Mq5izIWAtAU70mYMm9PnZ/tRttPTfF7UV+PvV3hHEswSPu8ZKxRZs8Lt9WoMS992M+ B6hN5JfxJmWcGmKo1MhDycgot7NKTIT5KeKde73DwUW0H9/+ZP6593bmeYT2fzGNCNFs 9mLo3ftDpPo96oYArXV0j/1nVSwkFQJ2T8NICEsTuxZfighWUE0Qv81/1O/EI3DxqwCL YwE+1W8J9jG+TSVc6bF4RrtE4K7aTJf6FrBWyP3cZmzdbdM4L44vezEnWiEDUSNg3qdd 0wHvEXo9GgDACh54ULyUica/3lNjja8IKbuRqxsGXDvxIezthQvxE8S3iqsY0fSyr2E8 T3oA== X-Gm-Message-State: ABy/qLZskQ6GcpkQUzfZaWdgkW0Klm7Lg6tIJh4hEy7dMfrveAlLYTIp nlvhfTXIKFTCL5wL+uZcz83qvUV3z5vILXSWzcd1 X-Google-Smtp-Source: APBJJlEDEjQWUaBI15EsRMXWoZASTg5GYrROautn5AU/T7cvWvzX5tEIxJZF1IdZOCmpVAPrQDcRNHUFBtNhdxg50I4= X-Received: by 2002:aa7:d745:0:b0:522:56d8:49c0 with SMTP id a5-20020aa7d745000000b0052256d849c0mr161713eds.37.1690403711626; Wed, 26 Jul 2023 13:35:11 -0700 (PDT) MIME-Version: 1.0 References: <CAJvkSsc_rKneeVrLkTqXJDKcr+VQNBHVJyXVe=7PkkTZ+SruFQ@mail.gmail.com> <ca674cee-6fe9-f325-7e09-f3efda082b6b@gmail.com> <YwMiFAEImHAJfAHHU7WbN1C1JuHjh0vC18Hn61QplFOlY5mEgKmjsAlj2geV1-28E36_wgfL9_QHTRJsbtOLt73o9C4JfoVt8scvYGzKHOI=@protonmail.com> <CAJowKgJ61nWBHMfNVx7J+C1QwZZMQ9zUaFQnAw1roXiPfi5O6A@mail.gmail.com> <CAJvkSsdAVFf44XXXXhXqV7JcnmV796vttHEtNEp=v-zxehUofw@mail.gmail.com> <CAJowKgJFHzXEtJij4K0SR_KvatTZMDfUEU40noMzR2ubj8OSvA@mail.gmail.com> <c5ae9d75-e64f-1565-93d0-e2b5df45d3f4@gmail.com> In-Reply-To: <c5ae9d75-e64f-1565-93d0-e2b5df45d3f4@gmail.com> From: Tom Trevethan <tom@commerceblock.com> Date: Wed, 26 Jul 2023 21:35:00 +0100 Message-ID: <CAJvkSsdRCHA6pB0mMY-7SE4GbDodAR34_RMgPrhEZAAq_8O2Aw@mail.gmail.com> To: Jonas Nick <jonasdnick@gmail.com> Content-Type: multipart/alternative; boundary="000000000000c244ca060169c866" X-Mailman-Approved-At: Thu, 27 Jul 2023 00:19:01 +0000 Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> Subject: Re: [bitcoin-dev] Blinded 2-party Musig2 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Wed, 26 Jul 2023 20:35:15 -0000 --000000000000c244ca060169c866 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of knowledge of the r values used to generate each R used prevents the Wagner attack, no? On Wed, Jul 26, 2023 at 8:59=E2=80=AFPM Jonas Nick <jonasdnick@gmail.com> w= rote: > None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned a= n > attack on the nonces, I mentioned an attack on the challenge c) can be > prevented > by proving knowledge of the signing key (usually known as proof of > possession, > PoP). > --000000000000c244ca060169c866 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Not 'signing' but 'secret' i.e. the r valu= es (ephemeral keys). Proof of knowledge of the r values used to generate ea= ch R used prevents the Wagner attack, no?</div><br><div class=3D"gmail_quot= e"><div dir=3D"ltr" class=3D"gmail_attr">On Wed, Jul 26, 2023 at 8:59=E2=80= =AFPM Jonas Nick <<a href=3D"mailto:jonasdnick@gmail.com">jonasdnick@gma= il.com</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"m= argin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left= :1ex">None of the attacks mentioned in this thread so far (ZmnSCPxj mention= ed an<br> attack on the nonces, I mentioned an attack on the challenge c) can be prev= ented<br> by proving knowledge of the signing key (usually known as proof of possessi= on,<br> PoP).<br> </blockquote></div> --000000000000c244ca060169c866--