From: Pieter Wuille <pieter.wuille@gmail.com>
Date: Sun, 8 Jul 2018 21:39:56 -0700
To: Erik Aronesty <erik@q32.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Multiparty signatures

On Sun, Jul 8, 2018, 21:29 Erik Aronesty <erik@q32.com> wrote:

> Because it's non-interactive, this construction can produce multisig
> signatures offline. Each device produces a signature using its own
> k-share and x-share. It's only necessary to interpolate M of n shares.
>
> There are no round trips.
>
> The security is Shamir + discrete log.
>
> It's just something I've been tinkering with and I can't see an obvious
> problem.
>
> It's basically the same as Schnorr, but you use a threshold hash to fix
> the need to be online.
>
> Just seems more useful to me.

That sounds very useful if true, but I don't think we should include novel cryptography in Bitcoin based on your not seeing an obvious problem with it.

I'm looking forward to seeing a more complete writeup though.

Cheers,

--
Pieter