Multisignature for bip-schnorr



Summary:

nakagat has written a multisignature procedure using bip-schnorr, but it appears to be vulnerable to key cancellation attacks. These attacks are possible because the aggregated public key is just the sum of the public keys, without any proof of knowledge of the individual secret keys. In a multisignature between Alice and an attacker, the attacker can choose their key to be -alice_key+attacker_key; Alice's key then cancels out of the sum, leaving an aggregated key that lets the attacker sign alone, without Alice's partial signature. The Schnorr BIP refers to the MuSig paper, which describes a secure key aggregation scheme. Links to both the multisignature procedure and the original bip-schnorr documentation are provided for review and feedback.


Updated on: 2023-06-13T14:06:29.318994+00:00