Pieter Wuille [ARCHIVE] on Nostr
📅 Original date posted: 2018-07-09
📝 Original message:
On Sun, Jul 8, 2018, 21:29 Erik Aronesty <erik at q32.com> wrote:
> Because it's non-interactive, this construction can produce multisig
> signatures offline. Each device produces a signature using its own
> k-share and x-share. It's only necessary to interpolate M of n shares.
>
> There are no round trips.
>
> The security is Shamir + discrete log.
>
> It's just something I've been tinkering with and I can't see an obvious
> problem.
>
> It's basically the same as Schnorr, but you use a threshold hash to fix
> the need to be online.
>
> Just seems more useful to me.
>
That sounds very useful if true, but I don't think we should include novel
cryptography in Bitcoin based on your not seeing an obvious problem with it.
I'm looking forward to seeing a more complete writeup though.
Cheers,
--
Pieter
Published at 2023-06-07 18:13:41