[bitcoin-dev] Revisiting squaredness tiebreaker for R point in BIP340

Pieter Wuille bitcoin-dev at wuille.net
Thu Aug 27 01:10:21 UTC 2020

On Friday, August 21, 2020 1:50 AM, John Newbery via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:

> Summary: We should change the proposal and implementation to use even tie-breakers everywhere.
> John #notoquadraticresiduetiebreakers Newbery

Thanks Nadav, Lloyd, John, and those who commented privately,

As the comments we've received have been unanimously in favor of changing, here is the PR for doing so: https://github.com/bitcoin/bips/pull/982

I'm very happy with this outcome, as it's indeed a significant reduction in the mental overhead needed for explaining the design decisions (the entire optimization section from the BIP can be removed, as those are no longer relevant to inform the decisions).

There is still some ongoing discussion about another change, namely permitting the use of messages that aren't exactly 32 bytes in length: https://github.com/sipa/bips/issues/207, but that would be a strict superset of what is permitted now, and have no impact on its use in BIP341/BIP342.


Pieter #thefinalfinalfinalbip340 Wuille
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200827/4f959652/attachment.html>

More information about the bitcoin-dev mailing list