public inbox for bitcoindev@googlegroups.com
From: Jonas Nick <jonasd.nick@gmail•com>
To: Anthony Towns <aj@erisian•com.au>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>,
	Andrew Chow <lists@achow101•com>
Subject: Re: [bitcoin-dev] Proposed BIP for MuSig2 PSBT Fields
Date: Thu, 12 Oct 2023 07:43:21 +0000
Message-ID: <fd7bf294-8f5a-48fc-a415-1f1706b51434@gmail.com>
In-Reply-To: <ZSc0Luwg3rpNvkfJ@erisian.com.au>

It is true that BIP 327 ("MuSig2") does not include adaptor signatures. The
rationale behind this decision was as follows:
- the BIP is already long and complicated enough without adaptor signatures; it
   should be possible to propose a separate adaptor signature BIP on top in a
   modular fashion
- as far as I know, there's no security proof except for a hard-to-follow sketch
   that I wrote a few years ago [0]
- at the time, there seemed to be a higher demand for single-signer adaptor
   signatures

In spite of the missing specification, we added some version of adaptor
signatures to the libsecp256k1-zkp MuSig2 module in order to allow
experimentation.

As for standardizing MuSig2 adaptor signatures, it seems noteworthy that there
exist alternative designs to the implementation in the libsecp256k1-zkp module:
the current libsecp256k1-zkp PR for (single-signer) Schnorr adaptor signatures
[1] uses a slightly different API. Instead of sending the adaptor point along
with the adaptor signature, the point is extracted from an adaptor signature.
This simplifies the API and reduces communication at the cost of making batch
verification of multiple adaptor sigs impossible.

[0] https://github.com/BlockstreamResearch/scriptless-scripts/pull/24
[1] https://github.com/BlockstreamResearch/secp256k1-zkp/pull/268
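
The "extract the adaptor point from the adaptor signature" design mentioned in the message can be illustrated as follows. This is an added example, not code from the message or from libsecp256k1-zkp: it uses a simplified Schnorr scheme over secp256k1 (full points in the challenge hash, no BIP 340 tagged hashes or x-only keys), and all function names and the pre-signature layout are assumptions made for illustration.

```python
import hashlib

# secp256k1 field prime, group order and generator
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(P, Q):  # affine point addition; None is the point at infinity
    if P is None: return Q
    if Q is None: return P
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0: return None
    if P == Q: lam = 3 * P[0] * P[0] * pow(2 * P[1] % p, -1, p) % p
    else: lam = (Q[1] - P[1]) * pow((Q[0] - P[0]) % p, -1, p) % p
    x = (lam * lam - P[0] - Q[0]) % p
    return (x, (lam * (P[0] - x) - P[1]) % p)

def mul(k, P):  # double-and-add; NOT constant time, illustration only
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def neg(P): return None if P is None else (P[0], -P[1] % p)

def challenge(R, P, m):  # simplified challenge hash (assumption, not BIP 340)
    data = b"".join(c.to_bytes(32, "big") for c in R + P) + m
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def presign(x, r, T, m):  # pre-signature carries the final nonce R + T, not T
    Rf = add(mul(r, G), T)
    return Rf, (r + challenge(Rf, mul(x, G), m) * x) % n

def extract(presig, P, m):  # T = Rf - (s'G - eP); always yields some point
    Rf, s = presig
    R = add(mul(s, G), neg(mul(challenge(Rf, P, m), P)))
    return add(Rf, neg(R))

def adapt(presig, t):  # complete the pre-signature with the adaptor secret t
    return presig[0], (presig[1] + t) % n

def verify(sig, P, m):  # ordinary Schnorr check on the completed signature
    return mul(sig[1], G) == add(sig[0], mul(challenge(sig[0], P, m), P))

def extract_secret(presig, sig):  # t = s - s'
    return (sig[1] - presig[1]) % n
```

In this sketch a tampered pre-signature does not make `extract` fail; it returns a different point, so the recipient validates by comparing the extracted point with the one it expects.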

