Author: Tim Ruffing 2020-02-24 11:16:38
Published on: 2020-02-24T11:16:38+00:00
In a recent email exchange on the Bitcoin-dev mailing list, Erik Aronesty shared a concern about the safety of two-phase MuSig. The argument against it is described in this paper published on IACR ePrint Archive. One potential solution that was proposed involves adding a signature timeout to the message, which would prevent participants from signing if the time is too far in the future or if a message has been used previously within a certain window of time. This approach appears to resolve the attacks on two-phase MuSig. However, Tim expressed confusion on the matter and requested further explanation.
Updated on: 2023-06-13T22:23:48.718026+00:00