[bitcoin-dev] Sum of the keys attack on taproot

Ruben Somsen rsomsen at gmail.com
Sat May 15 20:35:37 UTC 2021


What Tim said is right. To add to that, you may also wish to read about
MuSig:
https://blockstream.com/2018/01/23/en-musig-key-aggregation-schnorr-signatures/

Cheers,
Ruben

On Sat, May 15, 2021 at 10:32 PM Tim Ruffing via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:

> On Sat, 2021-05-15 at 12:21 +0200, vjudeu via bitcoin-dev wrote:
>
>
> >  All that is needed is producing a signature matching the sum of the
> > public keys used in taproot, which is "(a+b-a)*G",
>
> This is simply not true.
>
> Taproot does not enable this, or any other form of "cross-input
> aggregation", i.e., spending multiple UTXOs with a single signature.
>
>
> Tim
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210515/f39c21ba/attachment.html>


More information about the bitcoin-dev mailing list