- Musig, by being M of M, is inherently prone to loss. - Having the senders of the G*x pubkey shares sign their messages with the associated private key share should be sufficient to prevent them from using wagner's algorithm to attack the combined key. Likewise, the G*k nonce fragments should also be signed with the pubkey shares.
On Tue, Sep 11, 2018 at 1:27 PM Gregory Maxwell <g...@xiph.org> wrote: > On Tue, Sep 11, 2018 at 5:20 PM Erik Aronesty <e...@q32.com> wrote: > > The security advantages of a redistributable threshold system are huge. > If a system isn't redistributable, then a single lost or compromised key > results in lost coins... meaning the system is essetntially unusable. > > > > I'm actually worried that Bitcoin releases a multisig that encourages > loss. > > There is no "non- edistributiable multisig" proposed for Bitcoin > anywhere that I am aware of. >
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev