I realized that it is possible to make a 1 of 1 musig. Since the API still allows you to adjust via an adapter as with PTLCs, I was wondering what uses a 1 of 1 musig could have. Answers should not necessarily be limited to uses in Bitcoin.
- Why is the Musig firm always interactive?
- Let's say I have a multigrade Musig wallet where the keys are stored in safe places without Internet access. What are some methods to sign from these secure and offline locations given the restrictions of musical interactivity?
The nonces should not be reused! In particular, in MuSig, the nonces can not be reused.
for other combinations of public keys or messages (also if everyone uses the
same public speeches all the time). This would filter the private keys.
You share the new nonces files in advance by running several rounds of signatures in parallel.
With the library you join
(secp256k1-zkp) this is
sure while keeping session states in memory and not copying them.
Serialization of the state and its storage in a persistent medium is not compatible with
secp256k1-zkp and difficult to correct, because if you accidentally use the
If not, filter the private key.
A simple way to eliminate the overload of the first two interactions
The rounds are attaching the commitment of nonce and nonce to those already existing.
Messages in your protocol. That way you would only have two parallel signatures.
Research is being done on deterministic issues for MuSig that have
Evidence of zero knowledge that the nonce is correctly derived. With such tests
The requests can be derived from the set of signatories, their private key and the
message and there is no status to track.
I am studying the MuSig protocol and I have problems to capture certain segments. This is my understanding so far:
In the current Bitcoin CHECKMULTISIG format, the size of the signature grows linearly with the number of additional "m" signers. The way in which CHECKMULTISIG works is that each signer produces its own independent signature, and we incorporate all these individual values in the scriptsig. Therefore, a 3 of 5 unlock script could read [sig 1][sig 2][sig 5]… for simplicity, I will call this compilation of all individual sig values the "group signature". In the given example, this signature field would be 3 times the length of a standard P2PKH.
In a "naive" Schnorr multiple signature scheme, instead of eliminating all potential public keys and [much larger] By signing the group in the block chain for the verifier calculation, we can make the signers interactively add their individual public keys in a pre-admission phase to obtain a single "aggregate" key, which is read as a synonym for a key traditional public An external member could send BTC to this aggregated key, where it would be controlled by the group members. For the group to spend, each party will create a partial signature with their unique personal keys and interactively add all these signature values to create a group signature. At this point, we are left with a group signature (which is the size of a basic P2PKH signature) and an aggregate public key that is added to the block chain, which gives us great space savings. However, this scheme is insecure unless it operates under a KOSK model. We turn to another variant of Schnorr, MuSig, which can offer key aggregation securely while operating in the context of a simple public key.
The publication of the Blockstream blog of 2018 says:
Instead of limiting ourselves to one signature per entry, we can obtain a signature for the entire transaction. The aggregation of keys can not be used through multiple entries, since the outputs are committed to public keys, and can be spent independently.
I'm having trouble understanding this paragraph. I suppose you should refer to each key added in scriptsig, since the scriptpubkey of the previous sender would have required tests to unlock the tax. I'm struggling to understand how the added signature is achieved in various ticket parts.
Disclaimer: this question has a theoretical importance for me, try to better educate myself about the cryptographic principles and the signature schemes. I do not mean to imply that, in practice, schnorr signatures are less secure than the current 2-2 multisig transactions / scripts.
I am currently reading the document of musig and about scripts without a script. In my opinion, an important common idea in both cases seems to be able to have a single signature produced from several private keys.
Suppose I can force the private key of a public key within a reasonable time, say 1 month (for example, because I have a fairly efficient algorithm for the discrete register in ecdsa (which I do not have). I also suppose I can invert the hash function of the Bitcoin addresses quickly, or suppose that we only know the public keys because I am the third party in a security deposit service)
Would not be able to break a MuSig address within 1 month (under the previous assumption) by splitting the added private key into the added public key, while in the configuration of a common 2-2 multisig wallet it would take 2 months for to be able to provide two valid signatures since I would have to apply bruteforce both private keys independently?