Adaptor generalisation

The initial inquiry revolves around the utility of on-chain verification for statements not confined to the secp256k1 generator G. This question branches into two directions: the recognition of its usefulness for Zero-Knowledge Proof (ZKP) constructions and the acknowledgment of its current impracticality due to limitations in verification capabilities.

The core of the investigation examines if adaptor signatures could enable a form of verification that is not directly possible. It unfolds a proposed two-party protocol wherein one party, A, can convince another party, B, that the publication of a BIP340 signature confirms the truth of a Discrete Logarithm Equality (DLEQ) statement. This statement involves two bases, G and an alternative base, showcasing the protocol's interactive nature where A provides B with an adaptor. However, this adaptor alone does not establish the DLEQ relationship.

The exploration is segmented into two primary focuses. Initially, the blog discusses a generalized approach towards multi-base single statements, often associated with "proof of representation." Despite not developing this concept into a concrete solution, it invites readers interested in theoretical aspects. Subsequently, the narrative shifts towards practical application, particularly how embedding curve points within a transaction message could enable crafting a BIP340 signature. This signature, when paired with a valid adaptor, assures that its publication on-chain would verify the DLEQ relationship, mitigating concerns of forgery detailed in the discussion.

AdamISZ/waxwing expresses a desire to further explore the integration of generalized sigma protocols with the ideas presented, despite uncertainties surrounding this ambition. This exploration signifies a step towards broadening the application and understanding of adaptor signatures within cryptographic protocols.