--- Log opened Thu Aug 19 00:00:42 2021
01:32 -!- robertspigler [~robertspi@2001:470:69fc:105::2d53] has quit [Quit: Bridge terminating on SIGTERM]
01:32 -!- eli[m] [~elinixbit@2001:470:69fc:105::ba64] has quit [Quit: Bridge terminating on SIGTERM]
01:36 -!- eli[m] [~elinixbit@2001:470:69fc:105::ba64] has joined #secp256k1
01:50 -!- robertspigler [~robertspi@2001:470:69fc:105::2d53] has joined #secp256k1
02:51 -!- jonatack [~jonatack@user/jonatack] has joined #secp256k1
03:55 < real_or_random> I believe we had hit a compiler bug in the past but we simply suppressed the (wrong) warning... ^^ https://github.com/bitcoin-core/secp256k1/pull/969
03:55 < real_or_random> no worries, just in test code
03:56 < real_or_random> second commit in this PR
04:42 < waxwing> is there a digital signature scheme which doesn't have the nonce-fragility "feature"? :) istr arcieri had some project about removing nonce fragility, though i don't remember anything about it
04:43 < waxwing> it's interesting that the reason you can easily prove it's sound is precisely because you can break it if you have the nonce
05:01 < gmaxwell> sure, just use a BLS signature.
05:01 < gmaxwell> it's not possible in the plain discrete log setting.
05:27 < real_or_random> I don't think you can claim it's not possible
05:28 < real_or_random> I mean, what's the nonce-fragility thing anyway? Derandomized Schnorr sigs are not fragile :p
05:55 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Ping timeout: 240 seconds]
06:08 -!- luke-jr [~luke-jr@user/luke-jr] has joined #secp256k1
06:31 < waxwing> i guess it's like (nonce leakage => secret leakage) => strong fresh randomness per signature requirement. and the latter causes unbounded amounts of problems.
06:32 < waxwing> yeah derandomized is "the" solution and then ends up being the problem as it's really hard for people to comprehend that there are scenarios where it doesn't work, like this musig one.
06:43 < real_or_random> yeah, I think all direct ways to build signatures from DL end up with this problem
06:45 < real_or_random> but that's not a very precise statement, so I'm not sure if it's worth anything
06:45 < real_or_random> even if you could formalize that "direct" formal and say you want to build multisigs (instead of simple signatures), MuSig-DN may be a counterexample
06:45 < real_or_random> or the concatenation of individual schnorr sigs is a counterexample :P
06:46 < sipa> even half-aggregated ones
06:46 < real_or_random> how so?
06:46 < real_or_random> lamport sigs with DL as one-way function :P
06:48 < sipa> half aggregated rfc6979 schnorr signatures are also robust, i think?
06:48 < sipa> as each contributor provides their own R
06:48 < real_or_random> ah yes, that's what you mean
06:48 < real_or_random> yep, interesting
06:49 < real_or_random> I never thought of half-aggregation as a multisig scheme
06:53 -!- lukedashjr [~luke-jr@user/luke-jr] has joined #secp256k1
06:54 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Ping timeout: 268 seconds]
06:55 -!- lukedashjr is now known as luke-jr
06:56 < sipa> well, it's more!
06:56 < real_or_random> yep
12:00 -!- Netsplit *.net <-> *.split quits: sanket1729, BlueMatt, lightningbot
12:01 -!- Netsplit over, joins: BlueMatt, sanket1729
12:02 -!- lightningbot [lightningb@cerulean.erisian.com.au] has joined #secp256k1
12:03 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has quit [Client Quit]
12:03 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has joined #secp256k1
12:44 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Read error: Connection reset by peer]
12:46 -!- luke-jr [~luke-jr@user/luke-jr] has joined #secp256k1
14:28 -!- lukedashjr [~luke-jr@user/luke-jr] has joined #secp256k1
14:29 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Ping timeout: 258 seconds]
14:30 -!- lukedashjr is now known as luke-jr
14:34 -!- lukedashjr [~luke-jr@user/luke-jr] has joined #secp256k1
14:37 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Ping timeout: 240 seconds]
14:37 -!- lukedashjr is now known as luke-jr
18:22 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 252 seconds]
18:34 -!- belcher [~belcher@user/belcher] has joined #secp256k1
--- Log closed Fri Aug 20 00:00:43 2021