π
Original date posted:2022-07-17
π Original message:To be clear, whether "half aggregation needs a new output type or not" does not
become clear in the draft BIP because it is out of scope. Half-aggregation has a
few possible applications. The draft only specifies the cryptographic scheme.
The StackExchange post you link to argues that CISA requires a new output type.
The same argument applies to half aggregating signatures across transaction
inputs (CISHA, if you will). The only difference to "full aggregation" is that
the transaction signature is a single half-aggregate signature instead of a
64-byte signature. You're right that it's possible to do batch verification of
Taproot output key spends (Schnorr signatures) and script spends (key tweaks).
Jonas Nick [ARCHIVE] /
npub1atβ¦y3z5a
2023-06-07 23:11:20
in reply to nevent1qβ¦lznu
Author Public Key
npub1at3pav59gkeqz9kegzqhk2v4j4r435x42ytf23pxs8crt74tuc8s2y3z5aPublished at
2023-06-07 23:11:20Event JSON
{
"id": "e2e3242811aff8e92425699e9b1953abaf43ad58b88ba3679beefc12b2ee2ffd",
"pubkey": "eae21eb28545b20116d940817b2995954758d0d5511695442681f035faabe60f",
"created_at": 1686179480,
"kind": 1,
"tags": [
[
"e",
"0d72a15ee72366e53511c642de2a3b7516b96b2b8bf94b48e88958ece595c21c",
"",
"root"
],
[
"e",
"6f128ed76e468ce9436b50eee12110102263ccb1b9cb7e1ebd0896f66a0b4906",
"",
"reply"
],
[
"p",
"7c4981f0d3c5eec97631de273b25b6435f0f33e0fa6cce270ddd3f3b8797d26a"
]
],
"content": "π
Original date posted:2022-07-17\nπ Original message:To be clear, whether \"half aggregation needs a new output type or not\" does not\nbecome clear in the draft BIP because it is out of scope. Half-aggregation has a\nfew possible applications. The draft only specifies the cryptographic scheme.\n\nThe StackExchange post you link to argues that CISA requires a new output type.\nThe same argument applies to half aggregating signatures across transaction\ninputs (CISHA, if you will). The only difference to \"full aggregation\" is that\nthe transaction signature is a single half-aggregate signature instead of a\n64-byte signature. You're right that it's possible to do batch verification of\nTaproot output key spends (Schnorr signatures) and script spends (key tweaks).",
"sig": "abf8a96d6db93c6ad8da5fadfaaebb4561a7e35e33fa0c314ecc108b402728a4b1147bbbd77f24f2e5f8e1f01c8c11e9364f8980124e9b0fdd01749678886913"
}