Re: [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() Expressions - 'Ava Chow' via Bitcoin Development Mailing List

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: "'Ava Chow' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
To: Nagaev Boris <bnagaev@gmail•com>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] Allowing Duplicate Keys in BIP 390 musig() Expressions
Date: Tue, 03 Jun 2025 21:38:20 +0000	[thread overview]
Message-ID: <9a25e808-1821-404c-bd47-f0ab78bca936@achow101.com> (raw)
In-Reply-To: <CAFC_Vt5z+B+F=QOytZ96ptRFweX1aGBV-CXHqwv54UAyo_iiAw@mail.gmail.com>

Hi Boris,

BIP 327 explicitly allows for duplicate participant pubkeys, so as long 
as all signing procedures follow the BIP, everything will be fine. Also, 
BIP 327 explicitly warns against deterministic nonces for reasons 
unrelated to duplicate pubkeys.

Although, allowing duplicates does bring up an additional issue with the 
MuSig2 PSBT fields as these inherently do not allow duplicate pubkeys.

Ava

On 06/03/2025 02:26 PM, Nagaev Boris wrote:
> Hi Ava,
>
> Is it safe to allow multiple participants to have the same public key?
> If deterministic nonce generation is used (deriving each participant's
> nonce from the message, the set of public keys, and the participant's
> private key), duplicate public keys would lead to identical nonces.
>
> While this may not be catastrophic (since they are signing the same
> message and the private key likely can't be extracted) it still seems
> risky. Identical nonces can have unexpected consequences, and I'm not
> sure if all security assumptions would still hold.
>
> Curious what you think.
>
> Best,
> Boris
>
> On Tue, Jun 3, 2025 at 6:08 PM 'Ava Chow' via Bitcoin Development
> Mailing List <bitcoindev@googlegroups.com> wrote:
>> Hi All,
>>
>> In implementing musig() descriptor expressions, I realized that the
>> restriction "Repeated participant public keys are not allowed" is a bit
>> complicated to implement. While I don't see why anyone would want to
>> duplicate keys, MuSig2 does allow duplicate participant keys and
>> allowing them would make the implementation of musig() expressions much
>> easier. Thus I'd like to propose changing the BIP to remove this
>> restriction.
>>
>> Has anyone implemented musig() expressions yet with this restriction,
>> and would removing it be a significant breaking change to anyone? If
>> not, I'll make the change to the BIP in a few days.
>>
>> Thanks,
>>
>> Ava
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
>> To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/08dbeffd-64ec-4ade-b297-6d2cbeb5401c%40achow101.com.
>
>
> --
> Best regards,
> Boris Nagaev

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/9a25e808-1821-404c-bd47-f0ab78bca936%40achow101.com.

     prev parent reply	other threads:[~2025-06-03 21:40 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-03 21:07 'Ava Chow' via Bitcoin Development Mailing List
2025-06-03 21:26 ` Nagaev Boris
2025-06-03 21:38   ` 'Ava Chow' via Bitcoin Development Mailing List [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9a25e808-1821-404c-bd47-f0ab78bca936@achow101.com \
    --to=bitcoindev@googlegroups.com \
    --cc=bnagaev@gmail$(echo .)com \
    --cc=lists@achow101$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox