Author: Erik Aronesty 2020-02-24 15:30:54
Published on: 2020-02-24T15:30:54+00:00
The discussion is about preventing repeated signings of the same message and using a "validity" time window so that the amount of state you need to enquire about isn't unbounded. The Drijvers, et al paper is specifically concerned with parallel and aborted signings, where ksums can be used. The more variables an attacker can control, the more "k" lists they can form, and the more likely they can find collisions. To reduce the attack surface, signers should refuse to sign stale or the same messages twice and limit the number of parallel signatures beyond a certain limit.One solution is to add a signature timeout to the message by including a block height. Participants will refuse to sign if that time is too far in the future, is at all in the past, or if a message M is the same as any previous message within that time window. This approach seems to resolve the attacks on 2 round musig. However, Tim Ruffing expressed confusion regarding this proposal and asked for elaboration.
Updated on: 2023-06-13T22:21:27.388109+00:00