Return-Path: <crypto@timruffing.de> Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6D96ACD7 for <bitcoin-dev@lists.linuxfoundation.org>; Sun, 8 Jul 2018 15:16:39 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.mailbox.org (mx1.mailbox.org [80.241.60.212]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A1B99FC for <bitcoin-dev@lists.linuxfoundation.org>; Sun, 8 Jul 2018 15:16:38 +0000 (UTC) Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.mailbox.org (Postfix) with ESMTPS id 0337F40CC2 for <bitcoin-dev@lists.linuxfoundation.org>; Sun, 8 Jul 2018 17:16:36 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp1.mailbox.org ([80.241.60.240]) by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030) with ESMTP id UI4s6NkJH546 for <bitcoin-dev@lists.linuxfoundation.org>; Sun, 8 Jul 2018 17:16:35 +0200 (CEST) Message-ID: <08201f2292587821e6d23f6cc201d95e6e5ad2cd.camel@timruffing.de> From: Tim Ruffing <crypto@timruffing.de> To: bitcoin-dev@lists.linuxfoundation.org Date: Sun, 08 Jul 2018 17:16:34 +0200 In-Reply-To: <CAJowKgLrSe77sqO2iB7mYboo_HW=YjO4=AFdv7L5FUi2vygMiQ@mail.gmail.com> References: <CAJowKgLrSe77sqO2iB7mYboo_HW=YjO4=AFdv7L5FUi2vygMiQ@mail.gmail.com> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sun, 08 Jul 2018 15:31:10 +0000 Subject: Re: [bitcoin-dev] Multiparty signatures X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Sun, 08 Jul 2018 15:16:39 -0000 Hi Erik, On Sun, 2018-07-08 at 10:19 -0400, Erik Aronesty via bitcoin-dev wrote: > Consider changing the "e" term in the schnorr algorithm to hash of > message (elligator style) to the power of r, rather than using > concatenation. How do you compute s = x*e if e is an element of group G? (Similar question: How do you verify if e is element of G?) Are you aware of http://cacr.uwaterloo.ca/techreports/2001/corr2001-13.ps ? This is a threshold signature scheme for Schnorr signatures, so what you want is possible already with Schnorr signatures. Best, Tim