Author: Lloyd Fournier 2020-03-16 07:31:44
Published on: 2020-03-16T07:31:44+00:00
The email thread discusses the security of Taproot and how it can be formally modeled. The author suggests that a commitment scheme is a more natural model for Taproot's security, but an optimal model should capture both worlds. The properties of this model include that obtaining signatures for the inner key does not help to forge the outer key, obtaining signatures for the outer key does not help to open the commitment, and obtaining an opening does not help to forge either key. However, modeling key generation in this game can be cumbersome. The author hopes to prove that any secure key generation method will be secure once Taproot is applied if it is a secure commitment scheme. The author believes we can dismiss the need for any signing or commitment opening oracles in any security notion of Taproot and restrict our notion of Taproot's security to its interaction with the key generation protocol only. This gives us a modular and composable security model for Taproot.
Updated on: 2023-06-14T00:00:14.537559+00:00