š
Original date posted:2018-07-08
š Original message:To save space, start with the wiki terminology on schnorr sigs.
Consider changing the "e" term in the schnorr algorithm to hash of message
(elligator style) to the power of r, rather than using concatenation.
I don't think this changes the security. An attacker would need to know k
to either way to compromise the private key.
This would allow m of n devices to sign a transaction without any of them
knowing a private key at all.
IE: each device can roll a random number as a share and the interpolation
of that is the private key.
The public shares can be broadcast and combines. And signature shares can
be broadcast and combined.
The net result of this is it really possible for an arbitrary set of
devices to create a perfectly secure public-private key pair set.
At no point was the private key anywhere.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180708/cbdf80dd/attachment.html>;
Erik Aronesty [ARCHIVE] /
npub1y2ā¦5taj0
2023-06-07 18:13:39
in reply to nevent1qā¦8ly4
Author Public Key
npub1y22yec0znyzw8qndy5qn5c2wgejkj0k9zsqra7kvrd6cd6896z4qm5taj0Seen on
wss://relay.nostr.bandPublished at
2023-06-07 18:13:39Event JSON
{
"id": "87b8574bb7b580653b116fa785f9b04b49d3e4152e168eed47d8e280eb700010",
"pubkey": "22944ce1e29904e3826d25013a614e4665693ec514003efacc1b7586e8e5d0aa",
"created_at": 1686161619,
"kind": 1,
"tags": [
[
"e",
"5913947cd80c78b94322af07aff87080ecda6ad2abd7e1bd4a8b9634dfe27fca",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "š
Original date posted:2018-07-08\nš Original message:To save space, start with the wiki terminology on schnorr sigs.\n\nConsider changing the \"e\" term in the schnorr algorithm to hash of message\n(elligator style) to the power of r, rather than using concatenation.\n\nI don't think this changes the security. An attacker would need to know k\nto either way to compromise the private key.\n\nThis would allow m of n devices to sign a transaction without any of them\nknowing a private key at all.\n\nIE: each device can roll a random number as a share and the interpolation\nof that is the private key.\n\nThe public shares can be broadcast and combines. And signature shares can\nbe broadcast and combined.\n\nThe net result of this is it really possible for an arbitrary set of\ndevices to create a perfectly secure public-private key pair set.\n\nAt no point was the private key anywhere.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180708/cbdf80dd/attachment.html\u003e",
"sig": "5894c971d8ce30c0389183ca770cdf636c4a9dd77a4370dfa00dd0e6e60bee0baf2ab1b23588e91666e084306b3013d2beaeecaef1ac610fa92c3ed659ca9527"
}