Author: adiabat 2017-05-07 06:45:00
Published on: 2017-05-07T06:45:00+00:00
The implementation of Schnorr signatures in a future witness version could lead to non-interactive partial aggregation of the signatures on a per-block basis, thereby saving space. It appears to have no security issues, but the author is seeking feedback from the mailing list to identify any vulnerabilities. The signature process involves private keys multiplied by a generator to get a public key, after which signers calculate 's' values that are used to create a signature. Interactively, aggregate signatures can be made by cosigners who share their R values to build an aggregate R value. Non-interactively, half the signature can be aggregated, and the s-values can be summed up. When making transactions, wallets can sign in the normal way, and the signature consisting of [R, s] goes into the witness stack. Miners remove the s-value from all compatible inputs when generating a block and commit to the aggregate s-value in the coinbase transaction. The advantages of this method include the ability to fit more signatures in a block, taking up less disk and network space, and speeding up block verification.
Updated on: 2023-05-20T02:11:38.782938+00:00