1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 6E64DC9E
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 13 Sep 2018 20:20:53 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com
[209.85.128.43])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B41FC7EB
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 13 Sep 2018 20:20:52 +0000 (UTC)
Received: by mail-wm1-f43.google.com with SMTP id b19-v6so88478wme.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 13 Sep 2018 13:20:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=q32-com.20150623.gappssmtp.com; s=20150623;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=va1SfLiSNWtBbQZBistDHDjxcqcnmdcF+43E35NBpvg=;
b=cOTDcEvRnuco4Tly1Jpe3AjHTW/5ZjIvhVWTj/ZwU9MHMbhy5lWnh+unVKSmRg9xgE
ick2rTh8zd1oExJ0A0M0vfrW6IyE2BOsRpVd3Au+4xCeF/0QTPCC89IXHyZxChJQjXKK
6UDMxenRbkQK8ADNoVzoMeh484HagxfoEekAj8Pmi1sJauY4v67DTzGexyiUfeyzTyuC
JmLeDtZsVafbpQdf6Gq6N1fyeRhLwQ8nVo9IcwUISJ5qewCuj0S21/3iRJPf23qmTXD6
3g9fZ1Pxq1ZUyOHJsBiyHFs9aTtUezGVNwoObpgGSNBi28NG8xN4c1wX+4I/hLzSiCng
GSbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=va1SfLiSNWtBbQZBistDHDjxcqcnmdcF+43E35NBpvg=;
b=ra7mJ/LZtPY2XdOE/b5D6rsg+ysHUXFiw286F52lbk54XBxglNuD+KZ/kJC7rpKKZw
ZI1lFc3hgtkT+s45fcesc4b2eUyG9Ow1Sx19cTJa5atXZDYmckHlE935OpP9X15jFTur
oflFzkhWMPpQ+1iAM14CYAujP4aeRnwwDsUcQwjSXmub/M/k5V4vqIWFUr/VhX6boxrs
AE11aZoRnnOQBoVE9Sffl4ycrPee7TY7fgs+a+ECoA/NEctJnATHIhYRB+7e0JRAsYem
tn+172bAb75O8FqnPYTI1OZWVyOuefNpRzRxmgCiSR5vziTwPk+fvkf45gcwrwlJhKbo
MWcg==
X-Gm-Message-State: APzg51Dg9SO/SCNVpBpDSi7jpsp76PFQ8Dz2Ro5rYmBrG1a4YcuKFVDN
Eq9JjSiXzEBdwhcmvMqSSjrM409vnAiJB+6SsfUQEMI=
X-Google-Smtp-Source: ANB0VdauJsHWCjzs21wFKaOrgXG9FD1suItiYyFoiJdEWf2BNBlc78j5Ffo4dZvJdJGWrbd9mAXu92cHoam4tTHZPoI=
X-Received: by 2002:a1c:90e:: with SMTP id 14-v6mr6942147wmj.130.1536870051024;
Thu, 13 Sep 2018 13:20:51 -0700 (PDT)
MIME-Version: 1.0
References: <20180812163734.GV499@boulet.lan>
<CAJowKg+h11YkwOo-gyWCw+87Oh-9K34LOnJ1730hhpoVR2m5sA@mail.gmail.com>
<20180903000518.GB18522@boulet.lan>
<CAJowKg+PDtEV3je_N9Ra6u3n4+ZQ3ozYapt8ivxGYYU28Qad+w@mail.gmail.com>
<CAAS2fgT0uBGbLBOW4TxA-qCzOLwoQ1qSV-R0dMKRzPLAm_UOqQ@mail.gmail.com>
<CAJowKg+-45h6vraL1PpnqfhHSbG+G40L+FD7xN+C-Dn1E6Y_Vg@mail.gmail.com>
<CAAS2fgSfdfQ2CiEabjrjspQGQufwzk84f1mzM1j_LRWqAPd8wA@mail.gmail.com>
<CAJowKgK3Pxev4pDH4xVLPvmHda8oAfq=fya4TY+_dodUJ7j9Nw@mail.gmail.com>
<CAAS2fgQOb4UJBkH=pMre=tsbAUmMNYx=4jkBawX4Rc_dKcpwZg@mail.gmail.com>
<CAJowKgK9UdavrGnKum43dx+DXe+LakHXuVU6bNhMFtEoy2U3Og@mail.gmail.com>
<20180913184649.GC18522@boulet.lan>
In-Reply-To: <20180913184649.GC18522@boulet.lan>
From: Erik Aronesty <erik@q32.com>
Date: Thu, 13 Sep 2018 16:20:36 -0400
Message-ID: <CAJowKg+0uOZ5_ryFit6-GW_fEbkXwBU8m7VAAOxgZAzP_5rF8A@mail.gmail.com>
To: apoelstra@wpsoftware.net
Content-Type: multipart/alternative; boundary="0000000000007515910575c67147"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,FREEMAIL_FROM,HTML_MESSAGE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 14 Sep 2018 13:50:09 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Schnorr signatures BIP
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Sep 2018 20:20:53 -0000
--0000000000007515910575c67147
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
The paper refers to either:
a) building up threshold signatures via concatenation, or. implicitly -
in Bitcoin -
b) by indicating that of M of N are valid, and requiring a validator to
validate one of the permutations of M that signed - as opposed to a scheme,
like a polynomial function, where the threshold is built in to the system.
Maybe there's another mechanism in there that I'm not aware of - because
it's just too simple to mention?
- Erik
On Thu, Sep 13, 2018 at 2:46 PM Andrew Poelstra <apoelstra@wpsoftware.net>
wrote:
> On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty via bitcoin-dev
> wrote:
> > - Musig, by being M of M, is inherently prone to loss.
> >
>
> It has always been possible to create M-of-N threshold MuSig signatures
> for any
> M, N with 0 < M =E2=89=A4 N. This is (a) obvious, (b) in our paper, (c)
> implemented at
>
>
> https://github.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules/m=
usig/main_impl.h
>
> --
> Andrew Poelstra
> Research Director, Mathematics Department, Blockstream
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> "Make it stop, my love; we were wrong to try
> Never saw what we could unravel in traveling light
> Nor how the trip debrides like a stack of slides
> All we saw was that time is taller than space is wide"
> --Joanna Newsom
>
>
--0000000000007515910575c67147
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>The paper refers to either:</div><div><br></div><div>=
=C2=A0 a) building up threshold signatures via concatenation, or. implicitl=
y - in Bitcoin - <br></div><div>=C2=A0 b) by indicating that of M of N are =
valid, and requiring a validator to validate one of the permutations of M t=
hat signed - as opposed to a scheme, like a polynomial function, where the =
threshold is built in to the system.</div><div><br></div><div>Maybe there&#=
39;s another mechanism in there that I'm not aware of - because it'=
s just too simple to mention?</div><div><br></div><div>- Erik<br></div><div=
><br></div><div><br></div><div><br></div><div><br></div><div><br></div></di=
v><br><div class=3D"gmail_quote"><div dir=3D"ltr">On Thu, Sep 13, 2018 at 2=
:46 PM Andrew Poelstra <<a href=3D"mailto:apoelstra@wpsoftware.net" targ=
et=3D"_blank">apoelstra@wpsoftware.net</a>> wrote:<br></div><blockquote =
class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid=
;padding-left:1ex">On Tue, Sep 11, 2018 at 01:37:59PM -0400, Erik Aronesty =
via bitcoin-dev wrote:<br>
> - Musig, by being M of M, is inherently prone to loss.<br>
><br>
<br>
It has always been possible to create M-of-N threshold MuSig signatures for=
any<br>
M, N with 0 < M =E2=89=A4 N. This is (a) obvious, (b) in our paper, (c) =
implemented at<br>
<br>
<a href=3D"https://github.com/apoelstra/secp256k1/blob/2018-04-taproot/src/=
modules/musig/main_impl.h" rel=3D"noreferrer" target=3D"_blank">https://git=
hub.com/apoelstra/secp256k1/blob/2018-04-taproot/src/modules/musig/main_imp=
l.h</a> <br>
<br>
-- <br>
Andrew Poelstra<br>
Research Director, Mathematics Department, Blockstream<br>
Email: apoelstra at <a href=3D"http://wpsoftware.net" rel=3D"noreferrer" ta=
rget=3D"_blank">wpsoftware.net</a><br>
Web:=C2=A0 =C2=A0<a href=3D"https://www.wpsoftware.net/andrew" rel=3D"noref=
errer" target=3D"_blank">https://www.wpsoftware.net/andrew</a><br>
<br>
"Make it stop, my love; we were wrong to try<br>
=C2=A0Never saw what we could unravel in traveling light<br>
=C2=A0Nor how the trip debrides like a stack of slides<br>
=C2=A0All we saw was that time is taller than space is wide"<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0--Joanna Newsom<br>
<br>
</blockquote></div>
--0000000000007515910575c67147--
|