Author: Jonas Nick 2022-02-18 13:55:31
Published on: 2022-02-18T13:55:31+00:00
In a recent paper, Chalkias et al. presented a security proof for the concept of half aggregation. Their work can be found in detail at https://eprint.iacr.org/2021/350. However, it is important to note that this particular scheme is not exactly the same as the one mentioned in the original post, as the latter has been deemed insecure. This fact was already pointed out in an earlier thread on half aggregation, which can be accessed at https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014306.html.To ensure the security of the "s"-values, it is necessary to multiply each one with a different unpredictable value. An example of how this can be done can be found at https://github.com/ElementsProject/cross-input-aggregation/blob/master/slides/2021-Q2-halfagg-impl.org#schnorr-signature-half-aggregation-1.
Updated on: 2023-06-15T17:00:17.591046+00:00