Post
πŸ”– Title: Schnorr signatures BIP 🏷️ Categories: bitcoin-dev πŸ‘₯ Authors: β€’ Anthony Towns ( Anthony Towns [ARCHIVE] ) β€’ Russell O'Connor ( Russell O'Connor [ARCHIVE] ) β€’ Tim Ruffing ( Tim Ruffing [ARCHIVE] ) β€’ Andrew Poelstra ( Andrew Poelstra [ARCHIVE] ) β€’ Erik Aronesty ( Erik Aronesty [ARCHIVE] ) πŸ“… Messages Date Range: 2018-08-04 to 2018-08-29 βœ‰οΈ Message Count: 7 πŸ“š Total Characters in Messages: 13426
⚑ 0
❀️ 0
πŸ“… Original date posted:2018-08-04 πŸ“ Original message:I propose changing the verification equation from "Let *R = sG - eP*" to Let *R = sG + eP* This allows faster verification by avoiding negating a point (or a coefficient). If, instead of directly following the literal verification... show more
πŸ“… Original date posted:2018-08-05 πŸ“ Original message:Over chat it has been pointed out to me that computing the non-quadratic residue is not the same cost as computing a quadratic residue. As pointed out in footnote 7 of the the proposed BIP, c^((p+1)/4) is always a quadratic residue and must be... show more
πŸ“… Original date posted:2018-08-06 πŸ“ Original message:On Sun, Aug 05, 2018 at 10:33:52AM -0400, Russell O'Connor via bitcoin-dev wrote: > In light of this, I revise my proposed change to make the verification > equation > > R + sG + eP = 0. Isn't the verification equation "R + s(-G) + eP =... show more
πŸ“… Original date posted:2018-08-06 πŸ“ Original message:On Mon, Aug 6, 2018 at 4:39 AM, Anthony Towns <aj at erisian.com.au> wrote: > On Sun, Aug 05, 2018 at 10:33:52AM -0400, Russell O'Connor via bitcoin-dev > wrote: > > In light of this, I revise my proposed change to make the... show more
πŸ“… Original date posted:2018-08-06 πŸ“ Original message:Is it intentional that the encoding of public (and private) keys is unspecified? I'd consider at least the encoding of the public key to be part of the signature scheme, so ideally it should be specified already in this BIP. On the other hand,... show more
πŸ“… Original date posted:2018-08-12 πŸ“ Original message:I think it's just an oversight. We should specify that we use the standard encoding from section 2.3 of www.secg.org/sec1-v2.pdf except that we allow only compressed public keys. Andrew On Mon, Aug 06, 2018 at 11:12:48PM +0200, Tim Ruffing via... show more
πŸ“… Original date posted:2018-08-29 πŸ“ Original message:Note: This spec cannot be used directly with a shamir scheme to produce single-round threshold multisigs, because shares of point R would need to be broadcast to share participants in order to produce valid single signatures. (R, s)... show more