sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<pinheadmz>
Reading up on MuSig2 and I wonder, after generating Ri1, Ri2,... in the first signing step, does that step ever need to be repeated for subsequent transactions? Or can future R values be derived deterministically similar to bip32 chains?
<zmnscpxj__>
Does that save on operations?
<pinheadmz>
where I'm going with this is, after the first two round scheme for the first tx a group signs, can each additional tx be signed with a single round?
<pinheadmz>
or does Ri1, Ri2, ... really need to be generated fresh by each party for each tx
<nickler>
it would save on communication, but no
<aj>
if you do Ri1, .., RiN and create N signatures, I think that would leak your private key?
<nickler>
the values need to be generated freshly but you can still sign additional txs with a single round, by sharing all R's for future txs in the very first communication step
<pinheadmz>
aha super interesting
<pinheadmz>
so step one is like, generate R values for the next 10,000 transactions
<nickler>
or you send fresh R's for the next transaction along with the signature
<pinheadmz>
Oh that's clever too yes
<pinheadmz>
ok so there is a UX that feels like "legacy" multisig available here
<zmnscpxj__>
except you have to store the previous `R` values
<pinheadmz>
group member proposes a tx and I send one message back with enough to complete and broadcast
<nickler>
yeah that UX is possible, but need to maintain state correctly
<pinheadmz>
ah yes that is a bit extra overhead
<pinheadmz>
so there is no way to generate these R's deterministically without breaking security?
<pinheadmz>
(to remove that state)
<nickler>
you can remove the state with musig-dn, but then you can't pre-share the nonces before knowing the message