Author: Michael Folkson 2022-07-17 13:26:26
Published on: 2022-07-17T13:26:26+00:00
The Bitcoin development community has been discussing the concept of half-aggregation in various contexts. Jonas Nick has proposed a concrete specification of the scheme, together with a place for collecting supplemental information such as references to cryptographic security proofs. The BIP draft, available on GitHub, specifies only the cryptographic scheme and does not prescribe specific applications. The specified scheme includes "incremental aggregation", which allows additional BIP-340 signatures to be aggregated into an existing half-aggregate signature. The formal specification is a mathematically precise description of the scheme, which paves the way for computer-aided formal proofs: software tools ("proof assistants") allow proving properties about the formal specification and applying formal software verification. The specification is written in hacspec, whose syntax is a subset of Rust's, so the standard Rust toolchain can be used to compile, execute, and test it. A blog post provides broader context on half-aggregation of BIP-340 signatures. The post notes that Schnorr signature batch verification (no aggregation of signatures) can be done today, but half-aggregation and cross-input signature aggregation would need a soft fork and potentially a new output type as well. It also notes that this work is still in its early stages and won't be proposed for a soft fork anytime soon.
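To make the two ideas above concrete (a half-aggregate signature that keeps every R_i but collapses the s values into one, and incremental aggregation), here is an added toy implementation that is not the BIP draft's hacspec code. It assumes a simplified Schnorr variant with full-point nonces and hash tags of my own choosing, rather than BIP-340's x-only encoding and the draft's exact randomizer derivation; the randomizer for the i-th signature is hashed over only the first i (R, pk, msg) triples, which is what lets an existing aggregate be extended.

```python
import hashlib, secrets

# secp256k1: field prime, group order, generator (affine coordinates)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    l = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)
    x = (l * l - p[0] - q[0]) % P
    return (x, (l * (p[0] - x) - p[1]) % P)

def mul(k, p):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def enc(p): return p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big")

def h(tag, data):  # tagged hash reduced mod N (simplified; not the draft's exact tags/encodings)
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + data).digest(), "big") % N

def sign(sk, msg):  # plain Schnorr with a full-point nonce R (no x-only/even-y rules)
    k = secrets.randbelow(N - 1) + 1  # random nonce; real signers derive it deterministically
    R = mul(k, G)
    return (R, (k + h("challenge", enc(R) + enc(mul(sk, G)) + msg) * sk) % N)

def aggregate(triples, agg=([], 0, b"")):
    """Fold (pk, msg, (R, s)) into agg = (R list, s_agg, context bytes).
    z_i depends only on the first i inputs, so an existing agg can be extended."""
    Rs, s_agg, ctx = agg
    for pk, msg, (R, s) in triples:
        ctx += enc(R) + enc(pk) + msg
        Rs, s_agg = Rs + [R], (s_agg + h("randomizer", ctx) * s) % N
    return (Rs, s_agg, ctx)

def verify_aggregate(pk_msgs, agg):  # single check: s_agg*G == sum_i z_i*(R_i + e_i*P_i)
    Rs, s_agg, _ = agg
    ctx, rhs = b"", None
    for R, (pk, msg) in zip(Rs, pk_msgs):
        ctx += enc(R) + enc(pk) + msg
        e = h("challenge", enc(R) + enc(pk) + msg)
        rhs = add(rhs, mul(h("randomizer", ctx), add(R, mul(e, pk))))
    return len(Rs) == len(pk_msgs) and mul(s_agg, G) == rhs
```

The aggregate still carries one R per signature (hence "half"), and verification is a single multi-scalar equation instead of n separate checks.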
Updated on: 2023-06-15T22:25:22.670147+00:00