Author: Erik Aronesty 2018-07-09 16:33:01
Published on: 2018-07-09T16:33:01+00:00
The conversation is about a new Multisig variant of Schnorr with fewer rounds. The author states that there's no need to distribute the hash if you have the first round and suggests using Shamir interpolation, which is cleaner than additive multisig. For those who asked, the construction from section 7.1 of this paper describes how to use Lagrange interpolation in a group context. The author explains the steps each party must take, such as computing and broadcasting g^k' where k' is a random number, computing r = g^k using Lagrange interpolation, computing H(r || M), and publishing (s', e). Verification involves using Lagrange interpolation on m of n s' shares to get s and standard Schnorr verification. The author concludes by stating that it's possible to remove the point multiplication instead of a hash and stick to Schnorr "as is" while still cutting out all but one online round.
Updated on: 2023-06-13T03:54:11.587905+00:00