📅 Original date posted:2014-03-08
📝 Original message:Also the other limitation for ECDSA is that there is no known protocol to
create a signture with a+b (where keys P=aG, Q=bG, R=P+Q=(a+b)G). without
either a sending its private key to b or viceversa (or both to a third
party).
With Schnorr sigs you can do it, but the k^-1 term in ECDSA makes a (secure)
direct multiparty signature quite difficult.
ps probably only 1 party needs to hash their key
P=aG
H(P) ->
<- Q=bG
P ->
Adam
On Sat, Mar 08, 2014 at 12:37:30PM +0200, Joel Kaartinen wrote:
> If both parties insist on seeing a hash of the other party's public key
> before they'll show their own public key, they can be sure that the
> public key is not chosen based on the public key they themselves
> presented.
Adam Back [ARCHIVE] /
npub1ac…lswfj
2023-06-07 15:14:38
in reply to nevent1q…94af
Author Public Key
npub1ac86vemj7ce5z8jyxt39rna3tvwql6xd30ha3vxcd6esysp23d9qrlswfjPublished at
2023-06-07 15:14:38Event JSON
{
"id": "476a1da1259adbf35837f936fd4bcaa74400806998363bb8ae7cda1589caef20",
"pubkey": "ee0fa66772f633411e4432e251cfb15b1c0fe8cd8befd8b0d86eb302402a8b4a",
"created_at": 1686150878,
"kind": 1,
"tags": [
[
"e",
"a6dc4c63eb9cc184811ab757ec03e54259d685e9ca9a0fa081c9c1805eb862b9",
"",
"root"
],
[
"e",
"48974186ae773143b6ac9fcbfca95e4979e4497dfe7200c8750983f59b2e31cc",
"",
"reply"
],
[
"p",
"88fdcee83ee595959771655e21d171024e8e17645cd1e89fd6f34cfa1fd712be"
]
],
"content": "📅 Original date posted:2014-03-08\n📝 Original message:Also the other limitation for ECDSA is that there is no known protocol to\ncreate a signture with a+b (where keys P=aG, Q=bG, R=P+Q=(a+b)G). without\neither a sending its private key to b or viceversa (or both to a third\nparty).\n\nWith Schnorr sigs you can do it, but the k^-1 term in ECDSA makes a (secure)\ndirect multiparty signature quite difficult.\n\nps probably only 1 party needs to hash their key\n\nP=aG \n H(P) -\u003e\n\n\t\t\u003c- Q=bG\n\n\t P -\u003e\n\nAdam\n\nOn Sat, Mar 08, 2014 at 12:37:30PM +0200, Joel Kaartinen wrote:\n\u003e If both parties insist on seeing a hash of the other party's public key\n\u003e before they'll show their own public key, they can be sure that the\n\u003e public key is not chosen based on the public key they themselves\n\u003e presented.",
"sig": "aef41324e311edc592ef632e8a4e5ac83c4d7678979e7db24a9454fa1ba3f031deaefdd5e0a80293ed16570a7ed66c3874d258600a8ce8c4d854f5de287e4a92"
}