Multisignature for bip-schnorr [combined summary]

• Multisignature for bip-schnorr nakagat 2018-09-12 06:00:17+00:00
• Multisignature for bip-schnorr Jonas Nick 2018-09-07 08:11:56+00:00
• Multisignature for bip-schnorr nakagat 2018-08-31 05:22:54+00:00
• Multisignature for bip-schnorr Erik Aronesty 2018-08-29 11:28:56+00:00
• Multisignature for bip-schnorr nakagat 2018-08-07 06:35:58+00:00

Published on: 2018-09-12T06:00:17+00:00

Summary:

A developer named Nakagawa has posted a multisignature procedure using bip-schnorr on the bitcoin-dev mailing list. However, Jonas Nick has pointed out that the writeup appears to be vulnerable to key cancellation attacks. This is because the aggregated public key is simply the sum of public keys without any proof of knowledge of individual secret keys. As a result, an attacker can choose their key in such a way that they can sign alone without requiring the other party's partial signature.To address this vulnerability, Jonas suggests a secure key aggregation scheme described in the MuSig paper. He provides a link to the paper for reference. Nakagawa has also written a new text addressing the issue and includes a link to it for review and feedback. In addition, the original text on multisignatures and threshold signatures is linked for further information.Furthermore, Nakagawa has developed a t-of-k threshold signature procedure using bip-schnorr and is seeking feedback on it. The code for this implementation can be found on Github. Additionally, the original code for both multisignatures and threshold signatures using bip-schnorr is available on Github as well.The post requesting feedback on the multisignature procedure was made on August 13, 2018. While the method is considered cool, it has been pointed out that there are a lot of online steps involved and it does not function as a threshold system. However, it is suggested that using a shamir scheme can solve these issues and prevent birthday attacks. A Medium article explaining this solution is provided as a reference.In conclusion, Nakagawa has shared a multisignature procedure using bip-schnorr but has received feedback about its vulnerability to key cancellation attacks. Suggestions have been made to use a secure key aggregation scheme described in the MuSig paper. Nakagawa has also developed a t-of-k threshold signature procedure and is seeking feedback on both implementations. Links to the relevant code and documentation are provided for review.

Updated on: 2023-08-01T23:42:34.157571+00:00