BLISK: Boolean circuit Logic Integrated into the Single Key

The policy outlined demonstrates a sophisticated cryptographic structure where a valid signature can be generated by four distinct coalitions, specifically pairs formed by either A or B with either C or D. This setup is visualized in a PK tree, offering a clear representation of the possible combinations that can authenticate a transaction or document.

In this system, the verification key, denoted as P, diverges from a straightforward MuSig2 aggregation of all parties involved. Instead, it cleverly combines two separate aggregations: P_left and P_right. These are not mere collections of the participants' keys but are instead derived through an elliptic curve Diffie-Hellman (ECDH) operation between each pair, followed by hashing and scaling by the generator point G. Specifically, P_left is obtained from the ECDH result of participants A and B, whereas P_right stems from that of C and D. The final verification key P results from a MuSig2 aggregation of these two intermediary keys.

An important aspect to note is that although the theoretical framework allows for any pair among the four defined coalitions to sign, the code example provided focuses on Alice and Carol as the active signers. This choice does not limit the functionality, as Bob and Dave—or any other authorized pair—can sign in a similar manner, showcasing the flexibility and security of the protocol. This mechanism underscores a crucial feature of modern cryptographic practices, emphasizing both security through mathematical rigor and practical flexibility in implementation.