kalle on Nostr: Just read the disclosure of a severe vulnerability in libbitcoin's `bx` tool that ...
Just read the disclosure of a severe vulnerability in libbitcoin's `bx` tool that limits seed entropy to 32 bits.
https://milksad.info/disclosure.html
Got me wondering about security of various multi/threshold signature wallets.
Traditional OP_CHECKMULTISIG adds one bit of entropy for each extra signer, given that the individual pubkeys are disclosed. A 2of2 multisig would be 33 bits of entropy and also easily identifiable as vulnerable once a spending tx is published.
But using taproot and musig2, the individual pubkeys are not disclosed, so the number of bits is doubled for each extra sig. A 2of2 multisig would be 64 bits of entropy, and not easily identifiable as vulnerable.
Amirite? Murch (npub1j5m…sd5c) waxwing (npub1vad…nuu7)
Haven't thought about musig2 this way before. It's a belts and suspenders type of thing in case entropy turns out to suck.
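Added example, not part of kalle's post: a toy model of the attacker work factor the post reasons about, with weak seeds of only k bits. The group (multiplicative group mod 2^31-1), the seed-to-key derivation, and the key-aggregation coefficients are simplified stand-ins for secp256k1, BIP32 and MuSig2's actual coefficient hash; the 8-bit entropy parameter and the seeds 57 and 200 are constructed.

```python
import hashlib, math

# Toy stand-in for secp256k1: multiplicative group mod the Mersenne prime 2^31-1,
# generator 7 (a primitive root), so private keys are exponents mod P-1.
P, G = 2**31 - 1, 7
ORDER = P - 1
def h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")
def derive_priv(seed: int) -> int:  # constructed seed->key derivation, not BIP32
    return h(seed.to_bytes(4, "big")) % ORDER or 1
def pubkey(priv: int) -> int:
    return pow(G, priv, P)
def keyagg(pubs) -> int:
    # MuSig2-style aggregation: each coefficient commits to the whole key set,
    # so the aggregate key cannot be attacked one signer at a time.
    L = b"".join(k.to_bytes(4, "big") for k in sorted(pubs))
    agg = 1
    for k in pubs:
        agg = agg * pow(k, h(L, k.to_bytes(4, "big")) % ORDER or 1, P) % P
    return agg
def search_disclosed(pubs, k_bits):
    # OP_CHECKMULTISIG model: every pubkey is on chain, so each is searched alone.
    seeds, work = [], 0
    for target in pubs:
        for s in range(2**k_bits):
            work += 1
            if pubkey(derive_priv(s)) == target:
                seeds.append(s)
                break
    return seeds, work
def search_aggregated(agg, k_bits):
    # 2-of-2 MuSig2 model: only the aggregate is on chain, so seed *pairs* are tried.
    cand = [pubkey(derive_priv(s)) for s in range(2**k_bits)]
    work = 0
    for s1 in range(2**k_bits):
        for s2 in range(2**k_bits):
            work += 1
            if keyagg([cand[s1], cand[s2]]) == agg:
                return [s1, s2], work
    return None, work
def worst_case_bits(k_bits, signers, disclosed):
    # n*2^k derivations with disclosed keys, 2^(n*k) aggregations without.
    return k_bits + math.log2(signers) if disclosed else signers * k_bits
def demo(k_bits=8, seeds=(57, 200)):
    # Constructed scenario: two signers whose seeds carry only k_bits of entropy.
    pubs = [pubkey(derive_priv(s)) for s in seeds]
    return search_disclosed(pubs, k_bits), search_aggregated(keyagg(pubs), k_bits)
```

With 32-bit seeds `worst_case_bits` gives the post's 33 bits for disclosed keys and 64 bits for the aggregate. The doubling relies on the aggregation coefficients committing to the whole key set; a plain sum of public keys could be split back into two independent 2^k searches with a lookup table, so it would not give the full 2^(2k).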