Posted by Erik Aronesty
Sep 11, 2018/17:37 UTC
In a discussion about the security advantages of a redistributable threshold system, Gregory Maxwell explained that there is no "non-redistributable multisig" proposed for Bitcoin. However, MuSig, by being M-of-M, is inherently prone to loss. To prevent senders of the Gx pubkey shares from using Wagner's algorithm to attack the combined key, they should sign their messages with the associated private key share. Similarly, the Gk nonce fragments should also be signed with the pubkey shares. A concern was raised that Bitcoin would be releasing a multisig that encourages loss, but Maxwell clarified that there is no such proposal.