Delivery-date: Fri, 03 Oct 2025 08:51:58 -0700 Received: from mail-oa1-f60.google.com ([209.85.160.60]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1v4i4c-0002WC-FM for bitcoindev@gnusha.org; Fri, 03 Oct 2025 08:51:58 -0700 Received: by mail-oa1-f60.google.com with SMTP id 586e51a60fabf-33bb2e3a481sf4885114fac.2 for ; Fri, 03 Oct 2025 08:51:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1759506712; cv=pass; d=google.com; s=arc-20240605; b=OS5XpicYGna9u6hr4fO3AazFoVBN12Aoh7U1RiTVc+82D0RFXfmpk6A1IIj4nlk0+J tNONaxkd0vXPgJy5sylCKJmrhra211LAHFqFqFGGy8clplxD2524SCm18sQtKUAt4hRC 42oQNikJHX7tBiVawvmrpiJxXxD/M7w9/IQ0kSiDvFOOFE3TGcD4hXl0P9C/CWCVKU9G eus8zzREwmDpcSQQtIUYhT8NI0IxBA/P/zfc9XfuwUyyM08nttMNuROmWsXn6aJtK9eo 7H8rcazdgwVspr923ysWGYqhrY5Xx2kBescZz3XjCrBJRmBN6zem0vNnGK289dyECT1y fZgw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :feedback-id:sender:dkim-signature; bh=TYTwpMuM5QzJzwFLR3UttfBs1+r7HHn21ej0Pw00s4g=; fh=UaqnHd+W7gikAVrG/TtKjefEPkmjT1xpPurywZ3XUdA=; b=bEW3NCks3U6OCGTGNHZwSZSUoqSBIXMQAnXLa2ChpzCkVlfJZcuhvgw9FpAMEkoAr/ RPJ0DfeMrshWsiFNjWihji4cY2rLr44UXdgSJ10W35kk3AlLmuYYAeX2FyGeZhMHUDwG XfxAe2PfjKiheC9eHNaOmIQ0A1pY/gkhSVHfCqjq46TBt7pQKiYRFBaDnFgelYFMkPFL NR5ApocprL77+qTVV18Z+aXK4W4h4ZGNepfQP6Q2SmPzLeJxJ1ZbvJdaBeACiIvxqrW+ 4MKeEn+iQNaG5qUijCGO8DK4XAp3WqedNVdrLnx/eKP1J/gl2PVNDdpWUWiBcsDDGOJf QiBw==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=L9Ou89SZ; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1759506712; x=1760111512; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id:sender :from:to:cc:subject:date:message-id:reply-to; bh=TYTwpMuM5QzJzwFLR3UttfBs1+r7HHn21ej0Pw00s4g=; b=Rqg6paAFNzM7d5hJqxT0gbY+OPCHvVTE7CufsbbZmYCxcyz6eo/HuY97QjXlJm2r0Y l7Ta4MXoeO2lSRDHbfGAHe1KReAVmmjnIXQg0k8H9pAY4Z4lQocjF6/3mPFudkvwyDek M0klSkhObg4sD2uiTLRjrDb9MnwOPjDcWS2SQ7HNHNYAqLW4zyVfMqMGh5fx+XuIjyuv CGwKBul9GZuoqOuYu2VtZ4ZReNUhM49kZfUpbAdUx+oflj00w64eOOQ2NfeGw5oc78Lt qOX7gEP8gszq2wZ6ciQhEr4EvBY3HHgKvQJbv2FO/Yx3KazW8yNjXWJeOYTAF5rLkZ6a HFsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759506712; x=1760111512; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=TYTwpMuM5QzJzwFLR3UttfBs1+r7HHn21ej0Pw00s4g=; b=CFz1wo9ZuHm8wD8PP8AHnGRKMrR/PzEsYCG3rr5fGLjtCNESAVlDg9LEzTBUefywQY zSIOSvXPczr+0lhKML4jua4wWzZzjjXTurAGXqje/FcLLzSpBQ/geLhrhL+Ix+5C8zWM BEKjXU2lqZDxvunJa7WB5DQ91+be7Bmqffv7/qWgR+pKD+fKRtpVqy+EvK8uu7Ae/SG8 RAgZPrixcxjgSp7KnoWToX6dAuWj6TW+POq3gcbNkQDgTWJ19msQpNHxDa9u6kdO1USu MejmZUTHg0VdmgSsogLlIw6Tnh0qu+1qa7h+ST9Oh7BsCwR3ZG5g8c7S/AWZC5GAros3 ARrQ== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCUZIgBFawVBO8mTIUundz4kTZmiDkqTiLNexskjSCNRhQDmxVFKV8I2WEJ0vmuQ7RNcwMr5N/0XoxtB@gnusha.org X-Gm-Message-State: AOJu0YxOIfGqV52s6sb3s0/xoM9NJRaXoQLDsEhwHUDX88gioGFJ59MP TNSHd65SCSROu5oI3IxtyvC1j9bMNbaDZs5bQ/QPL44Zmuipip6GVb3i X-Google-Smtp-Source: AGHT+IHGFHuuiMIm0proDUfe+UPPmfehy4sXTQ+oQzogLhYW6hefJpr47Rb/I0Zu4Otphhu2hpqYqg== X-Received: by 2002:a05:6870:80cb:b0:30c:2b9:6bb6 with SMTP id 586e51a60fabf-3b0f46fbe07mr2059779fac.0.1759506712520; Fri, 03 Oct 2025 08:51:52 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="ARHlJd6LCpU2FMYXaj2o6wrn6ISnsu2f4K3b1CHZLnj6gHfkAg==" Received: by 2002:a05:6871:d685:20b0:330:f9af:ee37 with SMTP id 586e51a60fabf-3abfec49dcals962927fac.1.-pod-prod-01-us; Fri, 03 Oct 2025 08:51:48 -0700 (PDT) X-Received: by 2002:a05:6808:1b2a:b0:438:3d00:a46a with SMTP id 5614622812f47-43fc186944fmr1842700b6e.43.1759506708319; Fri, 03 Oct 2025 08:51:48 -0700 (PDT) Received: by 2002:a05:620a:a102:b0:851:28d8:13e with SMTP id af79cd13be357-877bbf10b61ms85a; Fri, 3 Oct 2025 06:24:46 -0700 (PDT) X-Received: by 2002:a05:6102:512b:b0:5b9:c38a:c4f9 with SMTP id ada2fe7eead31-5d41d1728fcmr970464137.31.1759497885489; Fri, 03 Oct 2025 06:24:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1759497885; cv=none; d=google.com; s=arc-20240605; b=JWGXWby5tVJwrRLOCx4yO3eQU0vUBaENB3CR2Vn0x5LPPlyu8BT5CIovLUweBmmfsE moh08Q73NkcPbfff60osOqfL7TKqhQznBltYa21zEhXOlS9A+v6Ve/pQZGCKdaZGVaoX s5+RNUdRRBecBdUy2qVihk50zgwXGCANYwTvAyhHy6dWcidYxrxJEiEWoR7B871tRVbH KwvYDe3sERYcZwNI7MkOkZeJi7+qMXKFznCFu8V+Ghb/JsdANut9rgIMDqpn3gUxSOqa Wb/de3d69IZwFKEfmLbPb+kMnzV/JXoKw7p82QNU85zocb+FQ/s3LbcFH+MjLHcowQ4X X5NQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:feedback-id:dkim-signature; bh=eCrS1atqw3v24jaRzZiL2gWtq/g5yVmDvFpCsRbdAbE=; fh=zwD6MnSx31+wTUYXvjlRY9wKEAVfUFCZok1hjFoWcUg=; b=JQOl32Yd5+BRQM/7TXs6aSp3uZ/vKG8AYOeHpgYGskeLj2gQF6bXol1e8saZR74Lq7 3qgegBGqm3BujOynzi0onRNznWOhnzarV9aowtlVpZWojXypikKbg8b5hcZvoECe3jtp LYeLBhMq5X75rRb7KOj9m+wXGy6LgXcR2bkOE7C/3d4EYzCRQI678+kFA0dAqinfs198 mSbahWYRBP/UMqHxZEHfbhJ2hD7LvT9lFLqpkO7q4dXNvSLeYXhsN7A3SiXfT7nFrB+3 rRRS5VjMjzYeN8OfBfoR28Eo6YaREjYUnLuLsc4QuzWzTNHGf2vQqExhRZGMvKLhCQUJ DWoA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=L9Ou89SZ; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org Received: from fhigh-a1-smtp.messagingengine.com (fhigh-a1-smtp.messagingengine.com. [103.168.172.152]) by gmr-mx.google.com with ESMTPS id a1e0cc1a2514c-92eb4c4ab3bsi207462241.0.2025.10.03.06.24.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Oct 2025 06:24:45 -0700 (PDT) Received-SPF: pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) client-ip=103.168.172.152; Received: from phl-compute-10.internal (phl-compute-10.internal [10.202.2.50]) by mailfhigh.phl.internal (Postfix) with ESMTP id 2071714001BA; Fri, 3 Oct 2025 09:24:45 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-10.internal (MEProxy); Fri, 03 Oct 2025 09:24:45 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggdekledtudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug hrpeffhffvvefukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefrvghtvghrucfv ohguugcuoehpvghtvgesphgvthgvrhhtohguugdrohhrgheqnecuggftrfgrthhtvghrnh eptddtgedtffetueekfffhffekkeeihfetuddvteejueejffegveeghfduteejhfevnecu ffhomhgrihhnpehgihhthhhusgdrtghomhdpphgvthgvrhhtohguugdrohhrghenucevlh hushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvghtvgesphgv thgvrhhtohguugdrohhrghdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouh htpdhrtghpthhtohepvghkrghgghgrthgrsehgmhgrihhlrdgtohhmpdhrtghpthhtohep sghithgtohhinhguvghvsehgohhoghhlvghgrhhouhhpshdrtghomh X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 3 Oct 2025 09:24:44 -0400 (EDT) Received: by localhost (Postfix, from userid 1000) id 99E009FC9B; Fri, 3 Oct 2025 13:24:38 +0000 (UTC) Date: Fri, 3 Oct 2025 13:24:38 +0000 From: Peter Todd To: waxwing/ AdamISZ Cc: Bitcoin Development Mailing List Subject: Re: [bitcoindev] On (in)ability to embed data into Schnorr Message-ID: References: <0f6c92cc-e922-4d9f-9fdf-69384dcc4086n@googlegroups.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qq1aX4FXbpeNWI67" Content-Disposition: inline In-Reply-To: <0f6c92cc-e922-4d9f-9fdf-69384dcc4086n@googlegroups.com> X-Original-Sender: pete@petertodd.org X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=L9Ou89SZ; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.152 as permitted sender) smtp.mailfrom=pete@petertodd.org Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) --qq1aX4FXbpeNWI67 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline On Wed, Oct 01, 2025 at 07:24:50AM -0700, waxwing/ AdamISZ wrote: > Hi all, > > https://github.com/AdamISZ/schnorr-unembeddability/ > > Here I'm analyzing whether the following statement is true: "if you can > embed data into a (P, R, s) tuple (Schnorr pubkey and signature, BIP340 > style), without grinding or using a sidechannel to "inform" the reader, you > must be leaking your private key". > > See the abstract for a slightly more fleshed out context. > > I'm curious about the case of P, R, s published in utxos to prevent usage > of utxos as data. I think this answers in the half-affirmative: you can > only embed data by leaking the privkey so that it (can) immediately fall > out of the utxo set. > > (To emphasize, this is different to the earlier observations (including by > me!) that just say it is *possible* to leak data by leaking the private > key; here I'm trying to prove that there is *no other way*). You can probably use timelock encryption to ensure that the leak of the private key only happens in the future, after the funds are recovered by the owner in a subsequent transaction. -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/aN_OlgvB-Co1BL19%40petertodd.org. --qq1aX4FXbpeNWI67 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmjfzpcACgkQLly11TVR LzdPKQ/7B9YF8eVl+9mknfuZqocTJT2hks/hisRx6J2ZyoHs8cJMFpsoAkQGGsvM JeDGKz3t6RkkFENwUTZOYdw0LQTlKsy2TI9zZQG7rO8/wRch3MTr59O2GkPxk4fi SXLqBXP2OGVfU/c051WMCJ5/An0oT4LNKzWOXGRPpkhftZUD3rjyZaCEe1+nK5yR kuLjhl75/3oRVRdaAwxdiVuvMRz4c/fEoImSTVpJVK51JcuTdrChwZNBsArJSUZQ JQ6nujSeRD3mEM58+vlmOKxMUkeB7R+lh2OnyTv7sgGrTEhkHsDR3gV5IvkFrYXq rmrnCvPi48iWPL0m+bm4NmCGnZqPwcdxYXSBVnolpUzt4tA8d5OyxFI2xvIFtzCi FjCFT3Ek+1apUDFjV4CLp5GXkdItiWnPwOwhY3GKfP4aa2KWXLHAFRY6QzrP+h+i l+xf0Yh2hE0kTNyqu6lhxMeo4tWE1G0FgfgzrqoJYb+P/xDCex23oXx7PBUdHfXg 7QTNIMCFT8z+MVHHBct761DiS+y8NDW4XCwIKo0LGeGZPCHKYcKw4tQXIbUXrOtW hYtj0upungN1U911QR/1FGxz3+cwx+UzTD80Rdd6VTXKpLX9kR+L+R2msce5DPv8 8hyQGWA6jGONK5xY0H3dY5HuUrm5iGawOK/tz/TzNUpk7h4mNUg= =ZQuz -----END PGP SIGNATURE----- --qq1aX4FXbpeNWI67--