--- Log opened Wed Jul 20 00:00:26 2022
01:53 -!- darosior6 [~darosior@194.36.189.246] has joined #secp256k1
01:54 -!- darosior [~darosior@194.36.189.246] has quit [Ping timeout: 256 seconds]
01:54 -!- darosior6 is now known as darosior
03:05 < elichai2> real_or_random: do you know if https://eprint.iacr.org/2021/1055 does deterministic signatures even across different subsets of signers? (as this is a threshold scheme and not a multisig scheme)
03:10 < elichai2> (it seems to me like it's not because each party has it's own nonce key for the PRF)
06:10 < instagibbs> elichai2, "even across" hm?
06:10 < instagibbs> feel like a word is missing
06:21 < elichai2> instagibbs: I mean that even if different subsets sign on the same message they'll end up with the exact same signature
06:22 < instagibbs> ahh that does parse, my brain just filtered that one hehe
07:17 < real_or_random> so apparently using the library by including it is not so unrealistic ... at least people do this for -zkp https://github.com/ElementsProject/secp256k1-zkp/pull/194#issuecomment-1189006602
07:17 < real_or_random> sipa: I think we recently talked about this
07:19 < real_or_random> elichai2: IIRC then I found it confusing that they call this a threshold scheme. I think they write threshold but it only support n-of-n
07:19 < real_or_random> though I think it does not support spontaneous key gen (multi-sig style) either 
07:21 < sipa> real_or_random: Re including the library directly... another good reason to optimize for having as much of the configuration (at least by default) be done from inside the C code rather than external configure scripts.
07:21 < real_or_random> indeed
07:21 < sipa> Oh, now I remember - it was exactly in that context that this came up.
07:21 < elichai2> real_or_random: From what I understood they support threshold with t+1 signers, but the signing isn't really "deterministic". it's random and stateless without requiring fresh randomness but it's not deterministic in the black box sense (if I ask for 2 signatures they might be different if different subsets signed the message)
07:21 < real_or_random> though if we really wanted to support this, we'd need prefixes for every identifier
07:22 < sipa> About whether we want some secp256k1-specific prefix for external configuration of the library.
07:23 < real_or_random> elichai2: you mean it's not a "unique" signature scheme, yes
07:29 -!- halosghost [~halosghos@user/halosghost] has joined #secp256k1
07:29 < elichai2> real_or_random: yes :)
10:02 -!- michaelfolkson2 is now known as michaelfolkson
17:39 -!- halosghost [~halosghos@user/halosghost] has quit [Quit: WeeChat 3.6]
18:43 -!- cfields_ [~cfields@user/cfields] has quit [Ping timeout: 256 seconds]
18:58 -!- cfields [~cfields@user/cfields] has joined #secp256k1
22:36 -!- ghost43_ [~ghost43@gateway/tor-sasl/ghost43] has quit [Remote host closed the connection]
22:36 -!- ghost43 [~ghost43@gateway/tor-sasl/ghost43] has joined #secp256k1
--- Log closed Thu Jul 21 00:00:27 2022