1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
Return-Path: <crypto@timruffing.de>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id EF5CDC0177
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 24 Feb 2020 11:23:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id E6FB885C9A
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 24 Feb 2020 11:23:55 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id fB87jT7mjJSu
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 24 Feb 2020 11:23:54 +0000 (UTC)
X-Greylist: delayed 00:07:06 by SQLgrey-1.7.6
Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [80.241.56.151])
by whitealder.osuosl.org (Postfix) with ESMTPS id 223AA85C57
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 24 Feb 2020 11:23:54 +0000 (UTC)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240])
(using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
(No client certificate requested)
by mout-p-101.mailbox.org (Postfix) with ESMTPS id 48QzzK62F0zKmbT
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 24 Feb 2020 12:16:45 +0100 (CET)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240])
by spamfilter03.heinlein-hosting.de (spamfilter03.heinlein-hosting.de
[80.241.56.117]) (amavisd-new, port 10030) with ESMTP id U-bGJR7pww8P
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 24 Feb 2020 12:16:39 +0100 (CET)
Message-ID: <30bdd65dc943f698c0970ca51bfb4dfb406ea7b8.camel@timruffing.de>
From: Tim Ruffing <crypto@timruffing.de>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Date: Mon, 24 Feb 2020 12:16:38 +0100
In-Reply-To: <CAJowKgJP7FgF1KWOg4Wn=D4CjBgoE-ZYXv8LnfbVfh62ZNG5kQ@mail.gmail.com>
References: <u1IeyK5A7zyklXzl26UpCliJrFEsDp5SXUGbtXGBCrEWw6Wi7vNcoy4HNv2WXUTG_SBuMURDLhvh3YCwL2r53rL0Yj19TZpumYFD5WqmYL8=@protonmail.com>
<CAJowKgJP7FgF1KWOg4Wn=D4CjBgoE-ZYXv8LnfbVfh62ZNG5kQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Mon, 24 Feb 2020 11:41:11 +0000
Subject: Re: [bitcoin-dev] Composable MuSig
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 11:23:56 -0000
On Sun, 2020-02-23 at 02:27 -0500, Erik Aronesty via bitcoin-dev wrote:
> > Thus, two-phase MuSig is potentially unsafe.
> > https://eprint.iacr.org/2018/417.pdf describes the argument.
>
> One solution is to add a signature timeout to the message (say a
> block height) .
>
> A participant refuses to sign if that time is too far in the future,
> or is at all in the past, or if a message M is the same as any
> previous message within that time window.
>
> Seems to resolve the attacks on 2 round musig.
I don't understand this. Can you elaborate?
Best,
Tim
|