--- Log opened Sun Apr 25 00:00:36 2021
01:48 -!- Guest26781 [sid301948@gateway/web/irccloud.com/x-enkekiwnhjplxzfp] has quit []
01:48 -!- Guest26781 [sid301948@gateway/web/irccloud.com/x-tobmrpijmzrelnsy] has joined #secp256k1
01:49 -!- Guest26781 [sid301948@gateway/web/irccloud.com/x-tobmrpijmzrelnsy] has quit [Client Quit]
01:49 -!- RubenSomsen [sid301948@gateway/web/irccloud.com/x-csbjmecfzclgtpfc] has joined #secp256k1
02:55 -!- snowflake [~snowflake@gateway/tor-sasl/snowflake] has quit [Ping timeout: 240 seconds]
02:56 -!- snowflake [~snowflake@gateway/tor-sasl/snowflake] has joined #secp256k1
04:50 < waxwing> in musig2 you make an aggregate pubkey (sigma a_i P_i kind of thing), how do you address that you can't control whether the final sum has even y or not? (because aiui the verify algo in BIP340 requires P has even y).
04:50 < waxwing> and i guess same question about aggregate nonce
05:40 < roconnor> Once the participants jointy compute their aggregate pubkey (and optionally tweek it) they can see if the final pubkey needs to be negated to force an even y coordinate or not.
05:42 < roconnor> If the final pubkey needed to be negated then they remember this when making a signature and negate the private key term in their partial signature they create.
05:43 < roconnor> At least this is what I've been assuming.
05:51 < waxwing> i see, yeah that looks like it works i think .. and same would go for nonce, you could negate if (sigma b_i R_i) ends up not even y
05:52 < waxwing> i.e. basically negate all the individual elements of the sum to get the whole thing to be negated
08:38 < roconnor> Minor related musig2-taproot bikeshed question:  Are we planning to use musig pubkey aggregation to create an x-only pubkey and then tweak that to get a x-only taproot key, or are we planning to use musig pubkey aggregation to create a pubkey and then tweek that and convert it to an x-only pubkey?
08:40 < roconnor> I suppose a careful reading of BIP-341 suggests that both the taproot output key and the taproot internal keys are xonly pubkeys.
08:40 < roconnor> thus musig2-taproot must use the former.
11:18 -!- deusexbeer [~deusexbee@079-170-137-238-dynamic-pool-adsl.wbt.ru] has quit [Ping timeout: 246 seconds]
17:01 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #secp256k1
17:04 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 240 seconds]
17:11 -!- belcher_ is now known as belcher
--- Log closed Mon Apr 26 00:00:37 2021