> As opposed to just making a fresh 2 keys? Yes. > try do just combine signatures ...

npub180c…h6w6

2024-05-16 15:15:01

in reply to nevent1q…r57s

> As opposed to just making a fresh 2 keys?

Yes.

> try do just combine signatures naively without the protections of musig2 against adversarial behaviour?

I see, that makes sense.

> Very unlikely to make sense

I think the use case is something like:
1. I have been using this raw private key in my desktop and so far it hasn't leaked, but I am afraid it will eventually leak.
2. So I split it in 2 and put one shard in a hardware wallet and the other I leave on the desktop, delete the raw key.
3. Now to sign events I need the combination of the two devices, communicating somehow to produce a signature.

(As I write this I realize it's not a very good use case, so maybe this discussion is a waste of time.)

What could go wrong? If one of the two shards is leaked to an attacker, could him find out about the other shard somehow?

Or, a more generic question: since the two shards are pre-defined by myself, are they immune to the key subtraction attack since that would require the attacker to use an entirely new key?

Author Public Key

npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6

Show more details

Published at

2024-05-16 15:15:01

Kind type

1 Short Text Note

Event JSON

{ "id": "df0444c8daca5b424bd8030a6326569f9d1879d4a0ab6c641c6e6a40ca0ede5d", "pubkey": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d", "created_at": 1715872501, "kind": 1, "tags": [ [ "client", "gossip" ], [ "p", "675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728" ], [ "p", "17538dc2a62769d09443f18c37cbe358fab5bbf981173542aa7c5ff171ed77c4" ], [ "p", "bd1e19980e2c91e6dc657e92c25762ca882eb9272d2579e221f037f93788de91" ], [ "e", "3c9ea6ce801ea12a728d25c9d82d2556b698c733a3a0df3a0766e97abcafd950", "wss://nostr.wine/", "root" ], [ "e", "46d66055ebb18b981b70ba266c6402fc3c88eb2722196d3a30f36ed6c5c7cf24", "wss://nostr.wine/", "reply" ] ], "content": "\u003e As opposed to just making a fresh 2 keys?\n\nYes.\n\n\u003e try do just combine signatures naively without the protections of musig2 against adversarial behaviour?\n\nI see, that makes sense.\n\n\u003e Very unlikely to make sense\n\nI think the use case is something like:\n1. I have been using this raw private key in my desktop and so far it hasn't leaked, but I am afraid it will eventually leak.\n2. So I split it in 2 and put one shard in a hardware wallet and the other I leave on the desktop, delete the raw key.\n3. Now to sign events I need the combination of the two devices, communicating somehow to produce a signature.\n\n(As I write this I realize it's not a very good use case, so maybe this discussion is a waste of time.)\n\nWhat could go wrong? If one of the two shards is leaked to an attacker, could him find out about the other shard somehow?\n\nOr, a more generic question: since the two shards are pre-defined by myself, are they immune to the key subtraction attack since that would require the attacker to use an entirely new key?", "sig": "59ecaaa1584b0f04469307177141ac04da6368fb56af6c0e665d868091d4e4c745c20cb4ff3b610e9b911fe4fc7d46ce5f80ba110bf2be7806af9bef3db2802a" }