Author: nakagat 2018-09-12 06:00:17
Published on: 2018-09-12T06:00:17+00:00
The context is a message from nakagat to Jonas Nick, asking for feedback on a multisignature procedure using bip-schnorr. Jonas has pointed out that the writeup appears to be vulnerable to key cancellation attacks as the aggregated public key is just the sum of public keys without proof of knowledge of individual secret keys. In case of multisignature between Alice and an attacker, the attacker can choose their key to be -alice_key+attacker_key resulting in an aggregated key for which the attacker can sign alone. Jonas suggests a secure key aggregation scheme described in the MuSig paper and provides a link to it. Nakagat has written a new text and provided a link to it. They request a review and feedback on it. The original text on multisignatures and threshold signatures is also linked.
Updated on: 2023-06-13T14:06:18.816991+00:00