Add MuSig2 module #1452
Concept ACK
Makes sense.
I read this and assumed it just means not peer reviewed to the same standard as the MuSig2 protocol itself, not that you had found a problem with your security proof you proposed for MuSig + adaptor before. Is this right?
Concept ACK
Concept ACK, we'd be happy to start integrating this into lightning once that PR is opened!
@LLFourn Yes that's right. I'm not aware of any problems with the adaptor signature scheme as implemented in the secp256k1-zkp MuSig2 module. The only analysis of its security I'm aware of is this proof sketch: https://github.com/BlockstreamResearch/scriptless-scripts/blob/a8b6ff21fc7f4529eabbe639fbff49f047a3579d/md/musig2-adaptorsig.md.
I should note that the MuSig2 implementation in libsecp256k1-zkp uses a
e682267 build: Error if required module explicitly off (Tim Ruffing)
89ec583 build: Clean up handling of module dependencies (Tim Ruffing)

Pull request description:

This is a cleanup which makes it easier to add further modules with dependencies, e.g., in #1452. The diff looks larger than it is because I also reordered the modules and made the order consistent between CMake and autotools. (We noticed that the current logic could be improved in BlockstreamResearch/secp256k1-zkp#275.)

ACKs for top commit:
jonasnick: ACK e682267
hebasto: ACK e682267.

Tree-SHA512: 040e791e5b5b9b8845a39632633a45ca759391455910bdefba2b7b77c6340e65df6eda18199ae2ad65c30ee2fc6630471437aec143c26fe09ae4c11409a37622
I think a module for MuSig2 would be in the scope of libsecp256k1. Its relevance for the Bitcoin ecosystem is demonstrated by several factors:
MuSig2 has a detailed specification (with reference code and test vectors) and security proofs.
I suggest copying the MuSig2 module from libsecp256k1-zkp, which has already undergone significant review. I volunteer to do this. We should, however, remove the functions for MuSig2 adaptor signatures as they lack both a specification and a satisfactory security proof.