sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
dbcooper has quit 
kensanata has joined #bitcoin-wizards
AbramAdelmo has joined #bitcoin-wizards
AbramAdelmo_ has joined #bitcoin-wizards
AbramAdelmo has quit [Read error: Connection reset by peer]
real_or_random has quit [Ping timeout: 268 seconds]
Dean_Guss has quit [Remote host closed the connection]
Dean_Guss has joined #bitcoin-wizards
neutraltc has quit 
kreative has joined #bitcoin-wizards
Dean_Guss has quit [Ping timeout: 240 seconds]
Sorry for stupid question, but someone claimed that you can't securely do aggregation of signatures in Taproot (i.e. the "key spend" version) without knowing the internal private key. It seems to me that you can do so: Alice and Bob create k_a, k_b and share H(k_aG) and H(k_bG) with each other, then k_aG and k_bG, to get kG = (k_a + k_b)G. They generate and combine s_a = k_a + H(r,P,m)d_a and s_b = k_b + H(r,P,m)d_b to get
(k_a+k_b) + H(r,P,m)(d_a+d_b). For taproot, one of them would include the tweak in their part of the s, e.g. s_a = k_a + H(r,P,m)(t + d_a) to get s = (k_a+k_b) + H(r,P,m)(d_a + d_b + t). This seems to satisfy the equation. Is it broken or vulnerable to something?
Not that I know of.
First time I heard it was insecure
that's how i expect it to work; the tweaking at signing time can also be done by a third party that doesn't actually have a private key
i don't see why it would be insecure
oh no, why is zman lowercase?
OK! Misunderstood then, thanks :)
maybe I am an impostor
In a little while I will be ranting about znn.
aupiff has joined #bitcoin-wizards
kallewoof: with r=kG and P=(d_aG+d_bG) and yeah, that looks right to me too
Fine, the OS insists on lowercasing my username, then I could not find out how this IRC client can override the nick
aj: right! Ok, cool :)
then I registered to freenode with the lowercased nick, so ----
zmnscpxj: well, lowercase nicks are cool, so you've got that going for you
it's only a mild reduction in entropy
I suppose ....
It reduces by 1 bit for each character, this is an entire loss of 8 bits of entropy
UPPERNICK has joined #bitcoin-wizards
UPPERNICK has quit [Remote host closed the connection]
aj: you have been refuted
i've been disputed, not refuted
i wonder who that was!
no, UPPERNICK was definitely cool.
no, you'd need to find a lowercase nick that's not cool to refute me, not an uppercase nick that is cool
right, elementary logic
asoltys has quit [Ping timeout: 246 seconds]
lowercase -> cool, therefore !cool -> !lowercase, then !cool && lowercase refutes it
asoltys has joined #bitcoin-wizards
aupiff has quit [Ping timeout: 260 seconds]
PaulTroon has joined #bitcoin-wizards
CryptoDavid has quit [Quit: Connection closed for inactivity]