Schnorr sigs vs pairing sigs



Summary:

In a discussion on the Bitcoin-dev mailing list, participants debate pairing-based signatures versus non-deterministic signatures, that is, the choice of Schnorr over BLS. One argument in favor of randomness in signature schemes is that it enables a type of signature encryption called "adaptor signatures", which is important for layer 2 protocols. The original poster also shared a paper they wrote on the topic, "One-Time Verifiably Encrypted Signatures A.K.A Adaptor Signatures". Erik Aronesty, however, argues that Schnorr signatures rely heavily on the masking provided by a random nonce and that there are many ways to introduce bias into that nonce. He cites a study showing that even 2 bits of bias can result in serious attacks. Aronesty suggests that pairing-based signatures, while slower, may be more flexible and better suited to secure implementations.
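To show why the adaptor-signature argument depends on the signer's random nonce, here is an added example (not code from the thread or from the cited paper) of the commonly described Schnorr adaptor construction. The toy group parameters and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# p = 2q + 1 with p and q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def challenge(R, X, msg):
    """Fiat-Shamir challenge e = H(R || X || msg) mod q."""
    data = f"{R}|{X}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    """Return (secret, public); also used to create a witness/statement pair (t, T)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def pre_sign(x, msg, T):
    """Signer: pre-signature that is 'encrypted' under the statement T = g^t."""
    X = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1       # fresh, uniform nonce: the masking value
    R = (pow(G, r, P) * T) % P             # public nonce is shifted by T
    e = challenge(R, X, msg)
    return R, (r + e * x) % Q              # s_pre is missing the witness t

def pre_verify(X, msg, T, R, s_pre):
    """Anyone: check that adding t to s_pre would give a valid signature."""
    e = challenge(R, X, msg)
    return (pow(G, s_pre, P) * T) % P == (R * pow(X, e, P)) % P

def adapt(s_pre, t):
    """Witness holder: complete ('decrypt') the pre-signature."""
    return (s_pre + t) % Q

def verify(X, msg, R, s):
    """Ordinary Schnorr verification: g^s == R * X^e."""
    e = challenge(R, X, msg)
    return pow(G, s, P) == (R * pow(X, e, P)) % P

def extract(s, s_pre):
    """Signer: learn t once the completed signature is published."""
    return (s - s_pre) % Q
```

The construction works because the nonce point can be offset by `T` without the signer knowing `t`; a scheme whose signature is a deterministic function of key and message has no such nonce to offset.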


Updated on: 2023-06-14T00:01:54.920617+00:00