[bitcoin-dev] Multiparty signatures
erik at q32.com
Mon Jul 9 04:29:02 UTC 2018
Because it's non-interactive, this construction can produce multisig
signatures offline. Each device produces a signature using it's own
k-share and x-share. It's only necessary to interpolate M of n shares.
There are no round trips.
The security is Shamir + discrete log.
it's just something I've been tinkering with and I can't see an obvious
It's basically the same as schnorr, but you use a threshold hash to fix the
need to be online.
Just seems more useful to me.
On Sun, Jul 8, 2018, 10:33 PM Pieter Wuille <pieter.wuille at gmail.com> wrote:
> On Sun, Jul 8, 2018, 19:23 Erik Aronesty via bitcoin-dev <
> bitcoin-dev at lists.linuxfoundation.org> wrote:
>> Pretty sure these non interactive sigs are more secure.
> Schnorr signatures are provably secure in the random oracle model assuming
> the discrete logarithm problem is hard in the used group.
> What does "more secure" mean? Is your construction secure with weaker
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bitcoin-dev