public inbox for bitcoindev@googlegroups.com
From: Pieter Wuille <bitcoin-dev@wuille•net>
To: Ali Sherief <ali@notatether•com>
Cc: "bitcoin-dev@lists•linuxfoundation.org"
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Zero-knowledge proofs e.g. Schnorr are incompatible with address signing without compromise
Date: Thu, 28 Jul 2022 15:58:03 +0000
Message-ID: <3CQzcfbQ1qjdBAAViGbW7aXwJBWv3uov0YNHAHS0xtMCLxodi6veZDTIygYXj_P8JrT15hgupZUBah0HLw3B6GjvegZYv52gHUSBy8tCk-E=@wuille.net>
In-Reply-To: <ltMy8y1N-J_DQ0rQiKcb1fkiBkd9PcLX6B4W_TZ6i7bdmNWQMXJ0h2fet6DFKvllyH0QNzzVnqMpxT3vMgxdwJKOfsUKf8lS5P5sTC4-3j8=@notatether.com>

------- Original Message -------
On Thursday, July 28th, 2022 at 11:51 AM, Ali Sherief <ali@notatether•com> wrote:

> The way I understood the BIP, was that a user can do batch recovery or single-key recovery. Can you explain how it is possible to recover a public key from a single-key signature, because a few days earlier on the BIP-notatether-messageverify thread I was told (I think it was achow) that Schnorr doesn't allow for public key recovery.

No, BIP340, in its design decisions, had the choice to either support public key recovery, or support batch validation. We chose to support batch validation for a variety of reasons. BIP340 does not in any way support key recovery.

> > > , just like BIP340).
> >
> > How so? Every taproot compatible wallet has a BIP340 implementation.
>
>
> I guess I made an assumption, since almost all of the wallets I have seen did not have a sign message feature, not even for legacy addresses.

I'm not talking about sign message, I'm talking about BIP340 for the purpose of transaction signing, as it's the signature scheme used in BIP341/BIP342.

My point being: for any prospective message signing feature, if the wallet supports taproot signing, they inevitably already have code to produce BIP340 signatures. If they don't support taproot signing, then message signing for it is irrelevant.

Cheers,

--
Pieter


