Erik Aronesty [ARCHIVE] on Nostr: π Original date posted:2018-09-05 π Original message:Correct, there is an ...
π
Original date posted:2018-09-05
π Original message:Correct, there is an interaction step to deduce G*k, when signing, each
participant has to publishes G*ki. I didn't talk about it. That doesn't
break it, but you're correct, it's not non-interactive.
On Wed, Sep 5, 2018 at 9:06 AM Andrew Poelstra <apoelstra at wpsoftware.net>
wrote:
> On Wed, Sep 05, 2018 at 08:26:14AM -0400, Erik Aronesty wrote:
> > Why would you call it FUD? All the weird hemming and hawing about it is
> > really strange to me. The more I look into it and speak to professors
> > about i, the more it seems "so trivial nobody really talks about it".
> >
> > 1. Generate an M of N shared public key (done in advance of signing ....
> > this gets you the bitcoin address)
> > 2. Generate signature fragments (this can be done offline, with no
> > communication between participants)
> >
> > Detailed explanation with code snippets:
> >
> >
> https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f
> >
>
> The hemming and hawing is because you've been repeatedly told that your
> scheme doesn't work, and to please implement it in some computer algebra
> system so that you can see that (or so we can see where your mistake is),
> and you instead continue to post incomplete/incoherent copies of the same
> thing across multiple mediums - Reddit, this list, Bitcointalk, Medium,
> etc ad nauseum.
>
> It's distracting and offensive to people who have spent a lot of time and
> energy thinking about this stuff, and more importantly it causes confusion
> in the public eye. Phrasings like "weird hemming and hawing" suggest that
> we don't know/don't care about some insight you have, which is not true.
> This is why your posts are FUD.
>
> For example, in your linked post I looked at every single instance of the
> character 'k' and *not one of them* defined the value 'k' from which 'R'
> is derived in the signing procedure.
>
>
> Of course there is no possible value, individual signers cannot learn 'R'
> at signing time without interaction, and your whole scheme is broken. Given
> the number of times you've been told this, I find it hard to believe that
> this was an honest mistake.
>
>
>
> Andrew
>
>
>
> --
> Andrew Poelstra
> Research Director, Mathematics Department, Blockstream
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> "Make it stop, my love; we were wrong to try
> Never saw what we could unravel in traveling light
> Nor how the trip debrides like a stack of slides
> All we saw was that time is taller than space is wide"
> --Joanna Newsom
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180905/c737fbbf/attachment-0001.html>;
π Original message:Correct, there is an interaction step to deduce G*k, when signing, each
participant has to publishes G*ki. I didn't talk about it. That doesn't
break it, but you're correct, it's not non-interactive.
On Wed, Sep 5, 2018 at 9:06 AM Andrew Poelstra <apoelstra at wpsoftware.net>
wrote:
> On Wed, Sep 05, 2018 at 08:26:14AM -0400, Erik Aronesty wrote:
> > Why would you call it FUD? All the weird hemming and hawing about it is
> > really strange to me. The more I look into it and speak to professors
> > about i, the more it seems "so trivial nobody really talks about it".
> >
> > 1. Generate an M of N shared public key (done in advance of signing ....
> > this gets you the bitcoin address)
> > 2. Generate signature fragments (this can be done offline, with no
> > communication between participants)
> >
> > Detailed explanation with code snippets:
> >
> >
> https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f
> >
>
> The hemming and hawing is because you've been repeatedly told that your
> scheme doesn't work, and to please implement it in some computer algebra
> system so that you can see that (or so we can see where your mistake is),
> and you instead continue to post incomplete/incoherent copies of the same
> thing across multiple mediums - Reddit, this list, Bitcointalk, Medium,
> etc ad nauseum.
>
> It's distracting and offensive to people who have spent a lot of time and
> energy thinking about this stuff, and more importantly it causes confusion
> in the public eye. Phrasings like "weird hemming and hawing" suggest that
> we don't know/don't care about some insight you have, which is not true.
> This is why your posts are FUD.
>
> For example, in your linked post I looked at every single instance of the
> character 'k' and *not one of them* defined the value 'k' from which 'R'
> is derived in the signing procedure.
>
>
> Of course there is no possible value, individual signers cannot learn 'R'
> at signing time without interaction, and your whole scheme is broken. Given
> the number of times you've been told this, I find it hard to believe that
> this was an honest mistake.
>
>
>
> Andrew
>
>
>
> --
> Andrew Poelstra
> Research Director, Mathematics Department, Blockstream
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> "Make it stop, my love; we were wrong to try
> Never saw what we could unravel in traveling light
> Nor how the trip debrides like a stack of slides
> All we saw was that time is taller than space is wide"
> --Joanna Newsom
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180905/c737fbbf/attachment-0001.html>;