Tom Trevethan [ARCHIVE] on Nostr
📅 Original date posted:2023-07-26
🗒️ Summary of this message: The scheme for blinding the challenge works well and doesn't require modifying the aggregated pubkey. The receiver of a statecoin would verify the signatures and transactions.
📝 Original message:
@moonsettler

Your scheme for blinding the challenge (e in your notation) works as far as
I can tell. It is better than the way I suggested as it doesn't require
modifying the aggregated pubkey (and the blinding nonce can be different
for each signature).

@AdamISZ and @Jonas

It is not necessarily the server that would need to verify that the
challenge is 'well formed', but the receiver of a statecoin. The concept of
having a blinded statechain server is that each signature generated for a
shared public key must be verified by the receiver of the corresponding
coin. So a receiver would retrieve the number of co-signings performed by
the server (K) and then verify each of the K signatures, and K transactions
that they have received from the sender. They can additionally verify that
each of the K R values has been correctly formed with a proof of secret
value for creating R2 (along with the R1 from the server).
Published at 2023-07-27 00:26:34