On Wed, Oct 01, 2025 at 07:24:50AM -0700, waxwing/ AdamISZ wrote:
> Hi all,
> 
> https://github.com/AdamISZ/schnorr-unembeddability/
> 
> Here I'm analyzing whether the following statement is true: "if you can 
> embed data into a (P, R, s) tuple (Schnorr pubkey and signature, BIP340 
> style), without grinding or using a sidechannel to "inform" the reader, you 
> must be leaking your private key".
> 
> See the abstract for a slightly more fleshed out context.
> 
> I'm curious about the case of P, R, s published in utxos to prevent usage 
> of utxos as data. I think this answers in the half-affirmative: you can 
> only embed data by leaking the privkey so that it (can) immediately fall 
> out of the utxo set.
> 
> (To emphasize, this is different to the earlier observations (including by 
> me!) that just say it is *possible* to leak data by leaking the private 
> key; here I'm trying to prove that there is *no other way*).

You can probably use timelock encryption to ensure that the leak of the private
key only happens in the future, after the funds are recovered by the owner in a
subsequent transaction.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/aN_OlgvB-Co1BL19%40petertodd.org.