Multiparty signatures
Summary:

In a Bitcoin development forum, Erik Aronesty suggested using the wiki terminology for Schnorr signatures and changing the "e" term of the Schnorr algorithm to the hash of the message raised to the power of r, instead of hashing the concatenation. He explained that this would allow m-of-n devices to sign a transaction without any of them knowing the private key at all. Each device rolls a random number as its share, and the interpolation of those shares is the private key. The public shares can be broadcast and combined, and the signature shares can likewise be broadcast and combined. This lets an arbitrary set of devices create a perfectly secure public/private key pair with no private key existing anywhere in the process. Pieter Wuille responded that this sounds like a threshold signature scheme, which is already possible with Schnorr, and asked for clarification on the advantages of what Aronesty was describing.
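The share-and-interpolate structure summarized above, as an added example that is not code from the thread or from any Bitcoin implementation: it uses standard Schnorr with e = H(R || m) (the concatenation form, not the modified e term Aronesty proposed) in a constructed toy group p=1019, q=509, g=4, which is an assumption for readability and not secp256k1. The group private key is never computed; each device only ever holds its own share, and signing only ever combines broadcast values.

```python
import hashlib
import secrets

# Constructed toy Schnorr group for illustration, NOT Bitcoin's secp256k1:
# p prime, q prime with q | p-1, g of order q in Z_p^*.  (Assumption.)
P, Q, G = 1019, 509, 4


def challenge(R: int, m: bytes) -> int:
    """Standard Schnorr challenge e = H(R || m) reduced mod q (concatenation form)."""
    return int.from_bytes(hashlib.sha256(R.to_bytes(4, "big") + m).digest(), "big") % Q


def lagrange_coeff(i: int, signers: list) -> int:
    """Lagrange coefficient at x=0 for index i over the signer set, mod q."""
    num = den = 1
    for j in signers:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def keygen(n: int, t: int):
    """Each of n devices rolls its own random degree-(t-1) polynomial and deals one
    point to every device. The group secret is the sum of the constant terms; nobody
    computes it, each device only keeps the sum of the points it received."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    f = lambda poly, x: sum(c * pow(x, k, Q) for k, c in enumerate(poly)) % Q
    shares = {i: sum(f(poly, i) for poly in polys) % Q for i in range(1, n + 1)}
    pubkey = 1                      # combine the broadcast public shares g^{a_0}
    for poly in polys:
        pubkey = pubkey * pow(G, poly[0], P) % P
    return shares, pubkey


def sign(shares: dict, signers: list, m: bytes):
    """Any t or more devices sign. Round 1: each broadcasts a nonce commitment R_i.
    Round 2: each broadcasts its signature share s_i; the combiner just adds them."""
    nonces = {i: secrets.randbelow(Q) for i in signers}
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P
    e = challenge(R, m)
    s = sum(nonces[i] + e * lagrange_coeff(i, signers) * shares[i] for i in signers) % Q
    return R, s


def verify(pubkey: int, m: bytes, sig: tuple) -> bool:
    R, s = sig
    return pow(G, s, P) == R * pow(pubkey, challenge(R, m), P) % P
```

The toy omits the share verification and nonce-commitment steps a deployable threshold scheme needs; it demonstrates only the share, interpolate and combine structure the summary describes.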
Updated on: 2023-05-20T17:26:21.653757+00:00