Author: AdamISZ 2022-05-24 19:06:41
Published on: 2022-05-24T19:06:41+00:00
AdamISZ reached out to Jonas and other list readers on bitcoin-dev to clarify some points regarding the handling of duplicate keys in the MuSig2 protocol. He provided a summary of what is described in Footnote 2 of the draft BIP and fleshed out the concept of partial signatures not being signatures. According to him, the concept of authenticated channels is important, and there are two scenarios: "Persistent" and "Spontaneous." He argued that the "Persistent" case is not interesting, as there would be a way to know what the keys should be. The main substance of the argument seemed to be that participants cannot deduce adversarial behavior at key exchange time, so they have to wait for the partial signature step. Additionally, he stated that the protocol laid out in the BIP does not fully identify disruptive signers. He believes that allowing duplicate keys at setup makes the implementation messier, which strikes him as risky in the presence of implementation errors.
Updated on: 2023-06-15T18:48:25.108703+00:00