Author: Lloyd Fournier 2020-10-09 04:31:28
Published on: 2020-10-09T04:31:28+00:00
In a recent evaluation of "purely scriptless" lightning channels after taproot/schnorr, Z concluded that even in the most optimized case, the 3 round MuSig protocol leads to an extra round of communication before forwarding a payment. However, the original MuSig paper suggested using a two-round MuSig signing algorithm once two keys A and B had already been established for Alice and Bob. This algorithm can be used without MuSig-DN magic and involves Alice picking ra randomly and calculating Ra = ra * G. Bob picks rb randomly and calculates Rb = rb * G. They then use these values to calculate c = H(Ra + Rb || A + B || m) and sb = rb + cb. The author of the post believes that two round MuSig can be used safely in the context of lightning. The post provides links to both the original MuSig paper and Zeeman's evaluation of purely scriptless lightning channels for further reading.
Updated on: 2023-06-03T02:25:59.963500+00:00