--- Log opened Thu Jan 25 00:00:39 2024
01:12 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
01:45 -!- Chris_Stewart_5 [~Chris_Ste@static-68-235-44-8.cust.tzulo.com] has quit [Ping timeout: 276 seconds]
01:46 -!- Chris_Stewart_5 [~Chris_Ste@static-68-235-44-9.cust.tzulo.com] has joined #bitcoin-wizards
02:26 -!- ghost43 [~ghost43@gateway/tor-sasl/ghost43] has quit [Quit: Leaving]
02:27 -!- ghost43 [~ghost43@gateway/tor-sasl/ghost43] has joined #bitcoin-wizards
02:35 -!- deusexbeer [~deusexbee@188.170.87.37] has quit [Quit: Konversation terminated!]
02:54 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #bitcoin-wizards
03:09 -!- deusexbeer [~deusexbee@2a03:d000:84:5a33:dbc2:c595:4916:9244] has joined #bitcoin-wizards
04:48 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has joined #bitcoin-wizards
05:12 -!- Jackielove4u [uid43977@user/jackielove4u] has joined #bitcoin-wizards
05:19 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has quit [Ping timeout: 246 seconds]
05:19 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has joined #bitcoin-wizards
05:22 -!- brunoerg [~brunoerg@177.172.65.50] has joined #bitcoin-wizards
05:37 < stevenroose> I might have asked this question here before, but I don't see history somehow. If you want to sign for a taproot that has a musig internal key and a taptweak, how does that work? In Sanket's secp-zkp API there is something about "adaptor" sigs, I'm not 100% what that means exactly, but it's something with tweaks as well.. Is that what I have to do? Do I have to create an adaptor point from
05:37 < stevenroose> the taptweak scalar?
06:07 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 264 seconds]
06:08 < real_or_random> stevenroose: which API? rust?
06:09 < _aj_> stevenroose: https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/include/secp256k1_musig.h#L282-L284 probably
06:09 < real_or_random> stevenroose: you certainly won't need adaptor sigs. this is an extension for "scriptless scripts", see https://bitcoinops.org/en/topics/adaptor-signatures/
06:10 < real_or_random> and yep, the method _aj_ mentions should be right one, but I don't know how that one is wrapped in the rust bindings
06:29 < stevenroose> yeah the Rust wrapper for that
06:31 < stevenroose> Oh interesting, I missed that method
06:32 < stevenroose> But wait, how does signing work then?
06:32 < stevenroose> > This function is required if you want to sign for a tweaked aggregate key.
06:33 < stevenroose> But it gives you a public key.. Does it mean that if all signers just do the keytweak in the signing process, the produced partial and aggregate signatures just magically work for the tweaked output key?
06:36 < stevenroose> real_or_random, _aj_ : ??
06:39 < stevenroose> from the adaptors page: "Alternatively, when combined with the hidden value, the adaptor reveals the signature.", I thought that was what happened: the internal key signs a presignature with musig and the taptweak is the "secret" to build the actual signature
06:47 < _aj_> stevenroose: it stores the info in keyagg_cache, and reuses it in musig_partial_sig_agg, i think
06:48 < _aj_> oh, no i'm confusing cache and session?
06:48 < _aj_> maybe it moves from cache to session in musig_nonce_process? not sure
06:54 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
06:58 -!- jax37sec_ [~jax37sec@80.241.218.101] has quit [Quit: ZNC 1.8.2+deb3.1 - https://znc.in]
06:59 -!- jax37sec [~jax37sec@80.241.218.101] has joined #bitcoin-wizards
07:02 -!- pablomartin4btc [~pablomart@185.61.158.28] has joined #bitcoin-wizards
07:06 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #bitcoin-wizards
07:11 -!- Guyver2 [~Guyver@77-174-98-73.fixed.kpn.net] has joined #bitcoin-wizards
07:19 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has quit [Ping timeout: 256 seconds]
07:29 < real_or_random> stevenroose: this is entirely unrelated to adaptor signatures.
07:30 < real_or_random> and yes, it's stored in the keyagg cache
07:30 < real_or_random> and yes, all signers do the key tweaking
07:30 < real_or_random> the example code may be helpful https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/examples/musig.c
07:41 < real_or_random> every signer 1) aggregates some keys to obtain an aggregate pubkey and a keyagg cache. then every signer 2) tweaks this aggregated pubkey, which gives them the tweaked pubkey and an updated keyagg cache. 3) then they sign with the help of the keyagg cache. (the keyagg cache is an API data structure representing the information necessary to sign... basically it keeps track of how the pubkey was created and tweaked)
08:13 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
08:14 < Ademan_> stevenroose: you're welcome to use my musig psbt code as a reference, it does work. I was hoping I could adapt it to address your use case before you got too far but everyone in my house got sick, plus day job got in the way lol
08:15 < Ademan_> (and I still want review ;-) )
08:15 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has joined #bitcoin-wizards
08:17 < stevenroose> real_or_random: oh ok that's magical somehow :p yeah it's weird it's in the keyaggcache and not the MusigSession struct (not sure if that's the same in not-rust secp), but ok, I think I get it. I just got an "invalid schnorr signature" error from the mempool, so I'll have to dig deeper. The example code helped, thanks
08:19 -!- Ademan [~ademan@47.185.95.178] has joined #bitcoin-wizards
08:20 < Ademan_> ugh, really need to hard wire my pc
08:23 -!- Guyver2_ [Guyver@77-174-98-73.fixed.kpn.net] has joined #bitcoin-wizards
08:25 < real_or_random> the keyagg_cache is the blob for creating pubkeys (aggregation and tweaking), the session is the blob for signing
08:26 < real_or_random> imagine signing two messages under the same tweaked aggregate pubkey... you wouldn't want to recompute the pubkey
08:26 -!- Guyver2 [~Guyver@77-174-98-73.fixed.kpn.net] has quit [Ping timeout: 264 seconds]
08:35 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #bitcoin-wizards
08:59 < Ademan_> on the topic, it's not quite clear to me how to sign for a key spend when you do a bip32 derivation. you'd do a series of secp256k1_musig_pubkey_ec_tweak_add but then at the end you need the xonly pubkey, do you have to ensure the last tweak is made using secp256k1_musig_pubkey_xonly_tweak_add ?
09:00 < Ademan_> for instance, signing a script path spend for musig(KEY_A, KEY_B)/1/2/3 would 1 and 2 be applied with secp256k1_musig_pubkey_ec_tweak_add then 3 with secp256k1_musig_pubkey_xonly_tweak_add ?
09:01 < real_or_random> see the example code
09:05 < Ademan_> maybe I'm missing it, but I don't see how that addresses my question. It vaguely references bip32 in the same way the docs for secp256k1_musig_pubkey_ec_tweak_add do.
09:25 < Ademan_> maybe this betrays an ignorance of bip32 in taproot on my part actually...
09:26 < stevenroose> real_or_random: I see that, but I was just confused that only the pubkeys have to be tweaked to have a valid signature for the tweaked agg pk. But ok, I'm trying that :)
09:38 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
09:44 < real_or_random> stevenroose: okay, yeah, so keyagg cache will tell signing function how to tweak the secret keys
10:07 -!- jonatack [~jonatack@user/jonatack] has joined #bitcoin-wizards
10:22 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #bitcoin-wizards
10:56 -!- jess [meow@libera/staff/cat/jess] has quit []
10:58 -!- jess [meow@libera/staff/cat/jess] has joined #bitcoin-wizards
11:23 -!- Ademan [~ademan@47.185.95.178] has quit [Quit: leaving]
11:29 -!- brunoerg [~brunoerg@177.172.65.50] has quit [Remote host closed the connection]
11:30 -!- ghost43 [~ghost43@gateway/tor-sasl/ghost43] has quit [Remote host closed the connection]
11:45 -!- ghost43 [~ghost43@gateway/tor-sasl/ghost43] has joined #bitcoin-wizards
11:46 -!- tusko [~xoxoxo@user/tusko] has joined #bitcoin-wizards
11:49 -!- vysn [~vysn@user/vysn] has quit [Remote host closed the connection]
11:54 -!- Ademan [~ademan@47.185.95.178] has joined #bitcoin-wizards
12:05 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has quit [Ping timeout: 256 seconds]
12:05 -!- brunoerg [~brunoerg@2804:14c:311:80eb:443d:2b7c:f249:aaec] has joined #bitcoin-wizards
12:26 -!- brunoerg [~brunoerg@2804:14c:311:80eb:443d:2b7c:f249:aaec] has quit [Remote host closed the connection]
12:27 -!- brunoerg [~brunoerg@2804:14c:311:80eb:443d:2b7c:f249:aaec] has joined #bitcoin-wizards
12:31 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has joined #bitcoin-wizards
12:52 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 246 seconds]
12:54 -!- Zenton [~user@user/zenton] has joined #bitcoin-wizards
13:30 -!- tusko [~xoxoxo@user/tusko] has quit [Ping timeout: 255 seconds]
13:31 -!- Ademan [~ademan@47.185.95.178] has quit [Quit: leaving]
13:32 -!- tusko [~xoxoxo@user/tusko] has joined #bitcoin-wizards
13:42 -!- Ademan [~ademan@47.185.95.178] has joined #bitcoin-wizards
14:04 -!- brunoerg [~brunoerg@2804:14c:311:80eb:443d:2b7c:f249:aaec] has quit [Remote host closed the connection]
14:05 -!- brunoerg [~brunoerg@189.120.72.118] has joined #bitcoin-wizards
14:24 -!- Guyver2_ [Guyver@77-174-98-73.fixed.kpn.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
14:41 -!- brunoerg [~brunoerg@189.120.72.118] has quit [Remote host closed the connection]
14:43 -!- brunoerg [~brunoerg@2804:14c:311:80eb:443d:2b7c:f249:aaec] has joined #bitcoin-wizards
15:22 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
15:24 < stevenroose> real_or_random: makes sense. once it lands, I'm planning to do some kind of example file in rust-bitcoin to do actual musig key- and script-spends of taproots
15:24 < stevenroose> with musig I mean
15:55 -!- brunoerg [~brunoerg@2804:14c:311:80eb:443d:2b7c:f249:aaec] has quit [Remote host closed the connection]
16:22 -!- jonatack [~jonatack@user/jonatack] has joined #bitcoin-wizards
16:50 -!- brunoerg [~brunoerg@177.172.65.50] has joined #bitcoin-wizards
17:24 -!- brunoerg [~brunoerg@177.172.65.50] has quit [Remote host closed the connection]
17:25 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
17:28 -!- jon_atack [~jonatack@user/jonatack] has joined #bitcoin-wizards
17:29 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 256 seconds]
17:30 -!- jonatack [~jonatack@user/jonatack] has quit [Ping timeout: 256 seconds]
17:43 -!- the_mariner [~Thunderbi@2804:7f7:e18e:3341:fcce:6464:134c:1fd8] has quit [Ping timeout: 264 seconds]
17:46 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
17:46 < stevenroose> real_or_random: does the tweak also have to be added to the keyaggcache before nonce generation?
17:48 < stevenroose> > Musig2 nonces can be precomputed without knowing the aggregate public key, the message to sign. See the new_nonce_pair method that allows generating MusigSecNonce and MusigPubNonce with only the session_id field.
17:49 < stevenroose> I'm using the `nonce_gen` method on the KeyAggCache struct, before I add the taptweak to the cache. I'd think that should be ok since it says nonces don't need to know that.
17:51 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 268 seconds]
17:56 < stevenroose> Also, I hear that pubkey order during aggregation is important. Is nonce aggregation order also?
18:13 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
19:20 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 260 seconds]
19:42 -!- brunoerg [~brunoerg@177.172.65.50] has joined #bitcoin-wizards
19:46 -!- brunoerg [~brunoerg@177.172.65.50] has quit [Ping timeout: 260 seconds]
19:59 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
20:03 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 240 seconds]
20:33 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
20:40 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 256 seconds]
20:47 -!- pablomartin4btc [~pablomart@185.61.158.28] has quit [Remote host closed the connection]
21:09 -!- bitdex [~bitdex@gateway/tor-sasl/bitdex] has joined #bitcoin-wizards
21:10 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
21:15 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 264 seconds]
21:43 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
21:47 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 246 seconds]
22:16 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
22:22 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 256 seconds]
22:38 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
23:04 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 256 seconds]
23:33 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has joined #bitcoin-wizards
23:38 -!- brunoerg [~brunoerg@2804:1b3:a001:1563:c9e9:40cb:3649:7270] has quit [Ping timeout: 255 seconds]
23:42 -!- zato [~zato@user/zato] has joined #bitcoin-wizards
--- Log closed Fri Jan 26 00:00:40 2024