Erik Aronesty [ARCHIVE] on Nostr:
Original date posted:2018-09-11
Original message:
- MuSig, by being M of M, is inherently prone to loss.

- Having the senders of the G*x pubkey shares sign their messages with the
associated private key share should be sufficient to prevent them from
using Wagner's algorithm to attack the combined key. Likewise, the G*k
nonce fragments should also be signed with the pubkey shares.
On Tue, Sep 11, 2018 at 1:27 PM Gregory Maxwell <greg at xiph.org> wrote:
> On Tue, Sep 11, 2018 at 5:20 PM Erik Aronesty <erik at q32.com> wrote:
> > The security advantages of a redistributable threshold system are huge.
> > If a system isn't redistributable, then a single lost or compromised key
> > results in lost coins... meaning the system is essentially unusable.
> >
> > I'm actually worried that Bitcoin releases a multisig that encourages
> > loss.
>
> There is no "non-redistributable multisig" proposed for Bitcoin
> anywhere that I am aware of.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180911/d39149db/attachment.html>
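As an added example, not code from the post or from any MuSig implementation, the following shows the rogue-key attack on naive additive key aggregation and the check the message above describes for pubkey shares: each G*x share must come with a signature made under its own private scalar (a proof of possession), and shares that fail that check are rejected before aggregation. The curve arithmetic, the `pop_message` tag and all function names are assumptions of this illustration; it covers the key-aggregation case only and does not model an attack on the nonce phase.

```python
# Added illustration for the thread above, not code from the post or from any
# MuSig implementation: a rogue-key attack on naive additive key aggregation
# X = X_A + X_B, and the proof-of-possession (PoP) check that rejects it.
# Toy Schnorr over secp256k1; timing and nonce hygiene are ignored. Python 3.8+.
import hashlib
import secrets

# secp256k1 field prime, group order and generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def ec_neg(pt):
    return (pt[0], (-pt[1]) % P)

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(R, pub, msg):
    return int.from_bytes(hashlib.sha256(enc(R) + enc(pub) + msg).digest(), "big") % N

def sign(x, msg):
    """Plain Schnorr: R = k*G, e = H(R, X, msg), s = k + e*x."""
    pub = ec_mul(x, G)
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    return (R, (k + challenge(R, pub, msg) * x) % N)

def verify(pub, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pub, msg), pub))

def pop_message(share):
    """Bytes a participant signs, with the share's own secret, to prove it
    knows the discrete log. A nonce point k*G is covered the same way with k."""
    return b"pop:" + enc(share)

def aggregate_with_pop(shares):
    """shares: list of (point, pop_sig). Returns the sum, or None if any share
    lacks a valid signature under the key it claims."""
    agg = None
    for pt, pop in shares:
        if not verify(pt, pop_message(pt), pop):
            return None
        agg = ec_add(agg, pt)
    return agg

def rogue_key_demo():
    """Naive aggregation: after seeing X_A, attacker B publishes
    X_B = x*G - X_A, so X_A + X_B = x*G and B signs for the group alone."""
    a = secrets.randbelow(N - 1) + 1
    X_A = ec_mul(a, G)
    x = secrets.randbelow(N - 1) + 1
    X_B = ec_add(ec_mul(x, G), ec_neg(X_A))  # B never learns a
    X_agg = ec_add(X_A, X_B)
    forgery = sign(x, b"spend everything")
    return verify(X_agg, b"spend everything", forgery)  # True: forgery accepted

def pop_defense_demo():
    """Returns (honest_share_accepted, rogue_share_accepted)."""
    a = secrets.randbelow(N - 1) + 1
    X_A = ec_mul(a, G)
    x = secrets.randbelow(N - 1) + 1
    X_B = ec_add(ec_mul(x, G), ec_neg(X_A))
    honest_pop = sign(a, pop_message(X_A))
    # B knows x but not log(X_B) = x - a; signing with x is the best it can do.
    rogue_pop = sign(x, pop_message(X_B))
    honest_ok = aggregate_with_pop([(X_A, honest_pop)]) is not None
    rogue_ok = aggregate_with_pop([(X_A, honest_pop), (X_B, rogue_pop)]) is not None
    return (honest_ok, rogue_ok)

if __name__ == "__main__":
    print("naive aggregation forged:", rogue_key_demo())
    print("(honest accepted, rogue accepted):", pop_defense_demo())
```

The rogue share is rejected because the attacker can publish X_B = x*G - X_A without knowing its discrete log, but cannot sign anything under X_B; the honest share passes because its owner signs with the scalar a behind X_A. Note that this proof-of-possession check is only as good as the binding between the signed message and the share being claimed, which is why the tag covers the encoded point itself.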
Published at 2023-06-07 18:14:30