Schnorr signatures BIP
Posted by Andrew Poelstra
Sep 3, 2018/00:05 UTC
In an email exchange, Erik Aronesty noted that the spec cannot be used directly with a Shamir scheme to produce single-round threshold multisigs. This is because shares of point R would need to be broadcast to share participants in order to produce valid single signatures. However, (R, s) schemes can still be used online if participants publish the R(share). On the other hand, Andrew Poelstra dismissed FUD and clarified that there are no non-interactive Schnorr signatures. Andrew Poelstra is a mathematician in the Mathematics Department of Blockstream.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback