From: Tom Trevethan
Date: Wed, 26 Jul 2023 21:35:00 +0100
To: Jonas Nick
Cc: Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Blinded 2-party Musig2

Not 'signing' but 'secret' i.e. the r values (ephemeral keys). Proof of knowledge of the r values used to generate each R used prevents the Wagner attack, no?

On Wed, Jul 26, 2023 at 8:59 PM Jonas Nick wrote:

> None of the attacks mentioned in this thread so far (ZmnSCPxj mentioned an
> attack on the nonces, I mentioned an attack on the challenge c) can be
> prevented by proving knowledge of the signing key (usually known as proof of
> possession, PoP).