Why would you call it FUD?   All the weird hemming and hawing about it is
really strange to me.  The more I look into it and speak to professors
about i, the more it seems "so trivial nobody really talks about it".

1. Generate an M of N shared public key (done in advance of signing ....
this gets you the bitcoin address)
2. Generate signature fragments (this can be done offline, with no
communication between participants)

Detailed explanation with code snippets:

https://medium.com/@simulx/an-m-of-n-bitcoin-multisig-scheme-e7860ab34e7f



On Sun, Sep 2, 2018 at 8:05 PM Andrew Poelstra <apoelstra@wpsoftware.net>
wrote:

> On Wed, Aug 29, 2018 at 08:09:36AM -0400, Erik Aronesty wrote:
> > Note:
> >
> > This spec cannot be used directly with a shamir scheme to produce
> > single-round threshold multisigs, because shares of point R would need to
> > be broadcast to share participants in order to produce valid single
> > signatures.
> >
> > (R, s) schemes can still be used "online", if share participants publish
> > the R(share).... but, not sure if it matter much, this choice eliminates
> > offline multiparty signing in exchange for batch validation.
> >
>
> Please stop with this FUD. No tradeoff was made. There are no
> non-interactive
> Schnorr signatures.
>
>
> Andrew
>
>
> --
> Andrew Poelstra
> Mathematics Department, Blockstream
> Email: apoelstra at wpsoftware.net
> Web:   https://www.wpsoftware.net/andrew
>
> "A goose alone, I suppose, can know the loneliness of geese
>  who can never find their peace,
>  whether north or south or west or east"
>        --Joanna Newsom
>
>