On adaptor security (in protocols)



Summary:

In a Bitcoin-dev mailing list post, AdamISZ discusses the security of using signature adaptors for two-party swaps and multiparty swaps. While there is already substantial work on the security of adaptors from 2019-2021, AdamISZ's analysis focuses on scenarios with multiple adaptors, or with multiple signing sessions that share the same adaptor. The paper is currently unreviewed, and AdamISZ invites corrections and comments from experts in the field. Lloyd Fournier responds to the post, arguing against AdamISZ's claim that single-signer adaptors are useless, citing their usefulness in revealing secrets. Fournier also suggests a general proof covering all secure Schnorr signing schemes in the ROM (random oracle model), by extending the ROM-forwarding approach of Aumayr et al. to all "tweak" operations on elements that go into the Schnorr challenge hash. This would allow proving all variants secure, for past and present schemes, in one go. AdamISZ appreciates Fournier's thoughts and asks whether there are any papers on tweaking in general.
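As an added illustration (not code from the mailing-list thread, from AdamISZ or from Fournier), the following pure-Python sketch of a single-signer Schnorr adaptor signature over secp256k1 shows the "revealing secrets" property Fournier refers to: a pre-signature is bound to an adaptor point T = tG, the holder of t can complete it into a valid signature, and anyone who sees both the pre-signature and the completed signature recovers t. The point encoding, the hash-to-scalar challenge and all function names are my own assumptions for the example, not a standard or the posters' construction.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (scalars live mod N)."""
    result = None
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def point_bytes(pt):
    # Assumed encoding for the example: uncompressed x || y, 32 bytes each.
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def challenge(nonce_pt, pubkey, msg):
    """Schnorr challenge e = H(R || X || m), reduced mod N (assumed hash-to-scalar)."""
    h = hashlib.sha256(point_bytes(nonce_pt) + point_bytes(pubkey) + msg).digest()
    return int.from_bytes(h, "big") % N


def presign(x, msg, T):
    """Adaptor (pre-)signature (R, s') bound to adaptor point T.
    The challenge is taken over R + T, so s' only verifies against the shifted nonce."""
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    X = ec_mul(x, G)
    e = challenge(ec_add(R, T), X, msg)
    s_pre = (r + e * x) % N
    return R, s_pre


def verify_presig(X, msg, T, R, s_pre):
    """Check s'G == R + eX with e = H(R+T, X, m): the pre-signature commits to T."""
    e = challenge(ec_add(R, T), X, msg)
    return ec_mul(s_pre, G) == ec_add(R, ec_mul(e, X))


def adapt(R, s_pre, t):
    """The holder of t completes the pre-signature into (R+T, s'+t)."""
    return ec_add(R, ec_mul(t, G)), (s_pre + t) % N


def verify_sig(X, msg, R_full, s):
    """Ordinary Schnorr verification: sG == R + eX with e = H(R, X, m)."""
    e = challenge(R_full, X, msg)
    return ec_mul(s, G) == ec_add(R_full, ec_mul(e, X))


def extract(s_pre, s):
    """Anyone holding both the pre-signature and the completed signature learns t."""
    return (s - s_pre) % N


def run_adaptor_flow(x, t, msg):
    """Full single-signer flow; returns the checks a reviewer would want to assert."""
    X = ec_mul(x, G)
    T = ec_mul(t, G)
    R, s_pre = presign(x, msg, T)
    R_full, s = adapt(R, s_pre, t)
    return {
        "presig_ok": verify_presig(X, msg, T, R, s_pre),
        "presig_is_not_valid_sig": not verify_sig(X, msg, R, s_pre),
        "sig_ok": verify_sig(X, msg, R_full, s),
        "extracted_t": extract(s_pre, s),
        "wrong_msg_rejected": not verify_sig(X, msg + b"!", R_full, s),
    }


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    demo = run_adaptor_flow(x=0x1111, t=0x2222, msg=b"constructed swap message")
    print(demo)
```

The pre-signature on its own does not verify as a signature, which is what lets it be handed over before the secret is known; once the completed signature is published, `extract` recovers t without any further interaction. This example covers exactly one signing session with one adaptor point; the cases AdamISZ's post examines, several adaptors or several sessions that reuse the same adaptor, are not modelled here.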


Updated on: 2023-06-16T18:09:08.006218+00:00