Author: Erik Aronesty 2018-09-11 17:37:59
Published on: 2018-09-11T17:37:59+00:00
In a discussion about the security advantages of a redistributable threshold system, Gregory Maxwell explained that no "non-redistributable multisig" has been proposed for Bitcoin. However, MuSig, being M-of-M, is inherently prone to loss. To prevent senders of the G*x pubkey shares from using Wagner's algorithm to attack the combined key, each sender should sign its messages with the associated private key share. Similarly, the G*k nonce fragments should also be signed with the pubkey shares. The concern was raised that Bitcoin releases a multisig that encourages loss, but Maxwell clarified that there is no such proposal.
Updated on: 2023-06-13T03:41:27.508020+00:00