Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2022-07-28 📝 Original message:------- Original Message ...
📅 Original date posted:2022-07-28
📝 Original message:------- Original Message -------
On Thursday, July 28th, 2022 at 11:51 AM, Ali Sherief <ali at notatether.com> wrote:
> The way I understood the BIP, was that a user can do batch recovery or single-key recovery. Can you explain how it is possible to recover a public key from a single-key signature, because a few days earlier on the BIP-notatether-messageverify thread I was told (I think it was achow) that Schnorr doesn't allow for public key recovery.
No, BIP340, in its design decisions, had to choice to either support public key recovery, or support batch validation. We chose to support batch validation for a variety of reason. BIP340 does not in any way support key recovery.
> > > , just like BIP340).
> >
> > How so? Every taproot compatible wallet has a BIP340 implementation.
>
>
> I guess I made an assumption, since almost all of the wallets I have seen did not have a sign message feature, not even for legacy addresses.
I'm not talking about sign message, I'm talking about BIP340 for the purpose of transaction signing, as it's the signature scheme used in BIP341/BIP342.
My point being: for any prospective message signing feature, if the wallet supports taproot signing, they inevitably already have code to produce BIP340 signatures. If they don't support taproot signing, then message signing for it is irrelevant.
Cheers,
--
Pieter
📝 Original message:------- Original Message -------
On Thursday, July 28th, 2022 at 11:51 AM, Ali Sherief <ali at notatether.com> wrote:
> The way I understood the BIP, was that a user can do batch recovery or single-key recovery. Can you explain how it is possible to recover a public key from a single-key signature, because a few days earlier on the BIP-notatether-messageverify thread I was told (I think it was achow) that Schnorr doesn't allow for public key recovery.
No, BIP340, in its design decisions, had to choice to either support public key recovery, or support batch validation. We chose to support batch validation for a variety of reason. BIP340 does not in any way support key recovery.
> > > , just like BIP340).
> >
> > How so? Every taproot compatible wallet has a BIP340 implementation.
>
>
> I guess I made an assumption, since almost all of the wallets I have seen did not have a sign message feature, not even for legacy addresses.
I'm not talking about sign message, I'm talking about BIP340 for the purpose of transaction signing, as it's the signature scheme used in BIP341/BIP342.
My point being: for any prospective message signing feature, if the wallet supports taproot signing, they inevitably already have code to produce BIP340 signatures. If they don't support taproot signing, then message signing for it is irrelevant.
Cheers,
--
Pieter