Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2018-07-08 📝 Original message:On Sun, Jul 8, 2018, 07:26 ...
📅 Original date posted:2018-07-08
📝 Original message:On Sun, Jul 8, 2018, 07:26 Erik Aronesty via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> To save space, start with the wiki terminology on schnorr sigs.
>
> Consider changing the "e" term in the schnorr algorithm to hash of message
> (elligator style) to the power of r, rather than using concatenation.
>
This is a very vague description. Is there some paper you can reference, or
a more detailed explanation of the algorithm?
> This would allow m of n devices to sign a transaction without any of them
> knowing a private key at all.
>
> IE: each device can roll a random number as a share and the interpolation
> of that is the private key.
>
> The public shares can be broadcast and combined. And signature shares can
> be broadcast and combined.
>
> The net result of this is that it is really possible for an arbitrary set of
> devices to create a perfectly secure public-private key pair set.
>
> At no point was the private key anywhere.
>
All of this sounds like a threshold signature scheme, which as Tim pointed
out is already possible with Schnorr.
What are the advantages of what you're describing?
Cheers,
--
Pieter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180708/396b25b7/attachment.html>
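A toy version of the threshold Schnorr construction the thread is circling (dealerless Shamir shares of the key and of the nonce, partial signatures combined by Lagrange interpolation at zero, so no device ever holds the private key), written here as an added example; it is not code from the thread or from any Bitcoin project. It keeps the ordinary concatenation challenge e = H(R || X || m) and uses an assumed, deliberately tiny Schnorr group (p = 2039, q = 1019, g = 4) that is fine for illustration and useless for real security.

```python
# Toy t-of-n threshold Schnorr over a tiny Schnorr group (assumed, insecure parameters).
import hashlib, secrets

P, Q, G = 2039, 1019, 4        # p = 2q + 1, both prime; 4 generates the order-q subgroup

def lagrange_at_zero(idx, i):
    """Lagrange coefficient for signer i so that sum_i coeff * f(i) == f(0) (mod Q)."""
    num = den = 1
    for j in idx:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def dealerless_shares(n, t):
    """Each device picks its own random degree-(t-1) polynomial; nobody ever holds
    the joint secret. Returns each device's share and the combined public value."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    shares = {}
    for j in range(1, n + 1):
        # device j's share is the sum of every device's polynomial evaluated at j
        shares[j] = sum(sum(c * pow(j, d, Q) for d, c in enumerate(f)) for f in polys) % Q
    pub = 1
    for f in polys:
        pub = pub * pow(G, f[0], P) % P     # broadcast g^(constant term), combine by multiplying
    return shares, pub

def challenge(R, X, msg):
    h = hashlib.sha256(f"{R}|{X}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def partial_sign(k_share, x_share, e):
    return (k_share + e * x_share) % Q       # share of s = k + e*x, linear in the shares

def combine(partials):
    idx = list(partials)                     # any t signer indices suffice
    return sum(lagrange_at_zero(idx, i) * s for i, s in partials.items()) % Q

def verify(X, msg, R, s):
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P

def threshold_sign(msg, n=5, t=3):
    x_shares, X = dealerless_shares(n, t)    # long-term key: never reconstructed anywhere
    k_shares, R = dealerless_shares(n, t)    # one-time nonce: same protocol, fresh randomness
    e = challenge(R, X, msg)
    signers = list(x_shares)[:t]             # any t of the n devices
    s = combine({i: partial_sign(k_shares[i], x_shares[i], e) for i in signers})
    return X, R, s
```

Only t partial signatures are needed because s is a linear function of the shares, so interpolating the partials at zero yields k + e*x directly; the ordinary Schnorr verification equation g^s == R * X^e then holds.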