📅 Original date posted:2018-09-11 📝 Original message:- Musig, by being M of M, ...

Erik Aronesty [ARCHIVE] /

npub1y22…taj0

2023-06-07 18:14:30

in reply to nevent1q…6y6y

📅 Original date posted:2018-09-11
📝 Original message:- Musig, by being M of M, is inherently prone to loss.

- Having the senders of the G*x pubkey shares sign their messages with the
associated private key share should be sufficient to prevent them from
using wagner's algorithm to attack the combined key. Likewise, the G*k
nonce fragments should also be signed with the pubkey shares.

On Tue, Sep 11, 2018 at 1:27 PM Gregory Maxwell <greg at xiph.org> wrote:

> On Tue, Sep 11, 2018 at 5:20 PM Erik Aronesty <erik at q32.com> wrote:
> > The security advantages of a redistributable threshold system are huge.
> If a system isn't redistributable, then a single lost or compromised key
> results in lost coins... meaning the system is essetntially unusable.
> >
> > I'm actually worried that Bitcoin releases a multisig that encourages
> loss.
>
> There is no "non- edistributiable multisig" proposed for Bitcoin
> anywhere that I am aware of.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180911/d39149db/attachment.html>;

Author Public Key

npub1y22yec0znyzw8qndy5qn5c2wgejkj0k9zsqra7kvrd6cd6896z4qm5taj0

Show more details

Published at

2023-06-07 18:14:30

Kind type

1 Short Text Note

Event JSON

{ "id": "4114141557eff48a4552fe5df69b9424d19d2635ffc192b3f3466195e2e19d40", "pubkey": "22944ce1e29904e3826d25013a614e4665693ec514003efacc1b7586e8e5d0aa", "created_at": 1686161670, "kind": 1, "tags": [ [ "e", "a251eaae7ce9abdb0800b64b88d4c4d7dd8b91a2f01bfd226d6555b5fa77597c", "", "root" ], [ "e", "9adfe18a61db03d0da39088234696ef58c81042453ed1bdb14a0ea56bb54c4da", "", "reply" ], [ "p", "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73" ] ], "content": "📅 Original date posted:2018-09-11\n📝 Original message:- Musig, by being M of M, is inherently prone to loss.\n\n- Having the senders of the G*x pubkey shares sign their messages with the\nassociated private key share should be sufficient to prevent them from\nusing wagner's algorithm to attack the combined key. Likewise, the G*k\nnonce fragments should also be signed with the pubkey shares.\n\n\n\nOn Tue, Sep 11, 2018 at 1:27 PM Gregory Maxwell \u003cgreg at xiph.org\u003e wrote:\n\n\u003e On Tue, Sep 11, 2018 at 5:20 PM Erik Aronesty \u003cerik at q32.com\u003e wrote:\n\u003e \u003e The security advantages of a redistributable threshold system are huge.\n\u003e If a system isn't redistributable, then a single lost or compromised key\n\u003e results in lost coins... meaning the system is essetntially unusable.\n\u003e \u003e\n\u003e \u003e I'm actually worried that Bitcoin releases a multisig that encourages\n\u003e loss.\n\u003e\n\u003e There is no \"non- edistributiable multisig\" proposed for Bitcoin\n\u003e anywhere that I am aware of.\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180911/d39149db/attachment.html\u003e", "sig": "18e412269d2c79d16f3b00647c8e5d9904cadc6090659c970806ef37010cd821f1298c654d058382b5572a7f729618bf8d5884e7ab271b4a754a32404879691c" }