Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 6E64DC9E
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 13 Sep 2018 20:20:53 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com
	[209.85.128.43])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B41FC7EB
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 13 Sep 2018 20:20:52 +0000 (UTC)
Received: by mail-wm1-f43.google.com with SMTP id b19-v6so88478wme.3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Thu, 13 Sep 2018 13:20:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=q32-com.20150623.gappssmtp.com; s=20150623;
	h=mime-version:references:in-reply-to:from:date:message-id:subject:to
	:cc; bh=va1SfLiSNWtBbQZBistDHDjxcqcnmdcF+43E35NBpvg=;
	b=cOTDcEvRnuco4Tly1Jpe3AjHTW/5ZjIvhVWTj/ZwU9MHMbhy5lWnh+unVKSmRg9xgE
	ick2rTh8zd1oExJ0A0M0vfrW6IyE2BOsRpVd3Au+4xCeF/0QTPCC89IXHyZxChJQjXKK
	6UDMxenRbkQK8ADNoVzoMeh484HagxfoEekAj8Pmi1sJauY4v67DTzGexyiUfeyzTyuC
	JmLeDtZsVafbpQdf6Gq6N1fyeRhLwQ8nVo9IcwUISJ5qewCuj0S21/3iRJPf23qmTXD6
	3g9fZ1Pxq1ZUyOHJsBiyHFs9aTtUezGVNwoObpgGSNBi28NG8xN4c1wX+4I/hLzSiCng
	GSbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:cc;
	bh=va1SfLiSNWtBbQZBistDHDjxcqcnmdcF+43E35NBpvg=;
	b=ra7mJ/LZtPY2XdOE/b5D6rsg+ysHUXFiw286F52lbk54XBxglNuD+KZ/kJC7rpKKZw
	ZI1lFc3hgtkT+s45fcesc4b2eUyG9Ow1Sx19cTJa5atXZDYmckHlE935OpP9X15jFTur
	oflFzkhWMPpQ+1iAM14CYAujP4aeRnwwDsUcQwjSXmub/M/k5V4vqIWFUr/VhX6boxrs
	AE11aZoRnnOQBoVE9Sffl4ycrPee7TY7fgs+a+ECoA/NEctJnATHIhYRB+7e0JRAsYem
	tn+172bAb75O8FqnPYTI1OZWVyOuefNpRzRxmgCiSR5vziTwPk+fvkf45gcwrwlJhKbo
	MWcg==
X-Gm-Message-State: APzg51Dg9SO/SCNVpBpDSi7jpsp76PFQ8Dz2Ro5rYmBrG1a4YcuKFVDN
	Eq9JjSiXzEBdwhcmvMqSSjrM409vnAiJB+6SsfUQEMI=
X-Google-Smtp-Source: ANB0VdauJsHWCjzs21wFKaOrgXG9FD1suItiYyFoiJdEWf2BNBlc78j5Ffo4dZvJdJGWrbd9mAXu92cHoam4tTHZPoI=
X-Received: by 2002:a1c:90e:: with SMTP id 14-v6mr6942147wmj.130.1536870051024;
	Thu, 13 Sep 2018 13:20:51 -0700 (PDT)
MIME-Version: 1.0
References: <20180812163734.GV499@boulet.lan>
	<CAJowKg+h11YkwOo-gyWCw+87Oh-9K34LOnJ1730hhpoVR2m5sA@mail.gmail.com>
	<20180903000518.GB18522@boulet.lan>
	<CAJowKg+PDtEV3je_N9Ra6u3n4+ZQ3ozYapt8ivxGYYU28Qad+w@mail.gmail.com>
	<CAAS2fgT0uBGbLBOW4TxA-qCzOLwoQ1qSV-R0dMKRzPLAm_UOqQ@mail.gmail.com>
	<CAJowKg+-45h6vraL1PpnqfhHSbG+G40L+FD7xN+C-Dn1E6Y_Vg@mail.gmail.com>
	<CAAS2fgSfdfQ2CiEabjrjspQGQufwzk84f1mzM1j_LRWqAPd8wA@mail.gmail.com>
	<CAJowKgK3Pxev4pDH4xVLPvmHda8oAfq=fya4TY+_dodUJ7j9Nw@mail.gmail.com>
	<CAAS2fgQOb4UJBkH=pMre=tsbAUmMNYx=4jkBawX4Rc_dKcpwZg@mail.gmail.com>
	<CAJowKgK9UdavrGnKum43dx+DXe+LakHXuVU6bNhMFtEoy2U3Og@mail.gmail.com>
	<20180913184649.GC18522@boulet.lan>
In-Reply-To: <20180913184649.GC18522@boulet.lan>
From: Erik Aronesty <erik@q32.com>
Date: Thu, 13 Sep 2018 16:20:36 -0400
Message-ID: <CAJowKg+0uOZ5_ryFit6-GW_fEbkXwBU8m7VAAOxgZAzP_5rF8A@mail.gmail.com>
To: apoelstra@wpsoftware.net
Content-Type: multipart/alternative; boundary="0000000000007515910575c67147"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,FREEMAIL_FROM,HTML_MESSAGE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 14 Sep 2018 13:50:09 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Schnorr signatures BIP
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Sep 2018 20:20:53 -0000

--0000000000007515910575c67147
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

The paper refers to either:

  a) building up threshold signatures via concatenation, or. implicitly -
in Bitcoin -
  b) by indicating that of M of N are valid, and requiring a validator to
validate one of the permutations of M that signed - as opposed to a scheme,
like a polynomial function, where the threshold is built in to the system.

Maybe there's another mechanism in there that I'm not aware of - because
it's just too simple to mention?

- Erik






On Thu, Sep 13, 2018 at 2:46 PM Andrew Poelstra <apoelstra@wpsoftware.net>
wrote:

> On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty via bitcoin-dev
> wrote:
> > - Musig, by being M of M, is inherently prone to loss.
> >
>
> It has always been possible to create M-of-N threshold MuSig signatures
> for any
> M, N with 0 < M =E2=89=A4 N. This is (a) obvious, (b) in our paper, (c)
> implemented at
>
>
> https://github.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules/m=
usig/main_impl.h
>
> --
> Andrew Poelstra
> Research Director, Mathematics Department, Blockstream
> Email: apoelstra at wpsoftware.net
> Web:   https://www.wpsoftware.net/andrew
>
> "Make it stop, my love; we were wrong to try
>  Never saw what we could unravel in traveling light
>  Nor how the trip debrides like a stack of slides
>  All we saw was that time is taller than space is wide"
>        --Joanna Newsom
>
>

--0000000000007515910575c67147
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>The paper refers to either:</div><div><br></div><div>=
=C2=A0 a) building up threshold signatures via concatenation, or. implicitl=
y - in Bitcoin - <br></div><div>=C2=A0 b) by indicating that of M of N are =
valid, and requiring a validator to validate one of the permutations of M t=
hat signed - as opposed to a scheme, like a polynomial function, where the =
threshold is built in to the system.</div><div><br></div><div>Maybe there&#=
39;s another mechanism in there that I&#39;m not aware of - because it&#39;=
s just too simple to mention?</div><div><br></div><div>- Erik<br></div><div=
><br></div><div><br></div><div><br></div><div><br></div><div><br></div></di=
v><br><div class=3D"gmail_quote"><div dir=3D"ltr">On Thu, Sep 13, 2018 at 2=
:46 PM Andrew Poelstra &lt;<a href=3D"mailto:apoelstra@wpsoftware.net" targ=
et=3D"_blank">apoelstra@wpsoftware.net</a>&gt; wrote:<br></div><blockquote =
class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid=
;padding-left:1ex">On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty =
via bitcoin-dev wrote:<br>
&gt; - Musig, by being M of M, is inherently prone to loss.<br>
&gt;<br>
<br>
It has always been possible to create M-of-N threshold MuSig signatures for=
 any<br>
M, N with 0 &lt; M =E2=89=A4 N. This is (a) obvious, (b) in our paper, (c) =
implemented at<br>
<br>
<a href=3D"https://github.com/apoelstra/secp256k1/blob/2018-04-taproot/src/=
modules/musig/main_impl.h" rel=3D"noreferrer" target=3D"_blank">https://git=
hub.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules/musig/main_imp=
l.h</a> <br>
<br>
-- <br>
Andrew Poelstra<br>
Research Director, Mathematics Department, Blockstream<br>
Email: apoelstra at <a href=3D"http://wpsoftware.net" rel=3D"noreferrer" ta=
rget=3D"_blank">wpsoftware.net</a><br>
Web:=C2=A0 =C2=A0<a href=3D"https://www.wpsoftware.net/andrew" rel=3D"noref=
errer" target=3D"_blank">https://www.wpsoftware.net/andrew</a><br>
<br>
&quot;Make it stop, my love; we were wrong to try<br>
=C2=A0Never saw what we could unravel in traveling light<br>
=C2=A0Nor how the trip debrides like a stack of slides<br>
=C2=A0All we saw was that time is taller than space is wide&quot;<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0--Joanna Newsom<br>
<br>
</blockquote></div>

--0000000000007515910575c67147--