2023-06-07 18:20:08

Peter Todd [ARCHIVE] on Nostr:

📅 Original date posted: 2019-08-13
📝 Original message:

On Mon, Aug 12, 2019 at 09:09:43PM -0500, Bryan Bishop wrote:
> > > Multisig gated by ECDSA pubkey recovery for provably-unknown keys
> > > =================================================================
> > >
> > > A group can participate in a multisig scheme with provably-unknown ECDSA keys.
> > > Instead of deleting the key, the idea is to agree on a blockheight and then
> > > select the blockhash (or some function of the chosen blockhash like
> > > H(H(H(blockhash)))) as the signature. Next, the group agrees on a transaction
> > > and they recover the public key from the signature using ECDSA pubkey recovery.
> >
> > Could you explain in more detail why you're deriving this from a blockhash?
> >
>
> Well you need to pick an entropy source, and I wouldn't want to tell people
> to just trust the first party to tell you a good sequence of bytes.

But why does this specifically need to be entropy?

If I understand the scheme correctly, the important thing is for the ECDSA
private key to be unknown. Under the standard assumption that hash functions
are random oracles, hashing anything should be sufficient to create a pubkey
whose private key is unknown.

Secondly, there's probably slightly better privacy if a random nonce is chosen
(perhaps by concatenating a nonce from each party) rather than picking pubkeys
unique to this use-case.

--
https://petertodd.org 'peter'[:-1]@petertodd.org
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2