Hi Pieter,

Addressing your comments:

>> Thank you very much for all the clarifications; it’s good to have them 
>> sorted out and clearly structured. From what you wrote it follows that we 
>> still need to reserve a dedicated purpose (with new BIP) for BIP340 
>> signatures to avoid key reuse, am I right?
> 
> Maybe, but it would be for a particular way of using keys (presumably: 
> single-key pay-to-taproot), not just the signature scheme itself. If you go 
> down this path you'll also want dedicated branches for multisig 
> participation, and presumably several interesting new policies that become 
> possible with Taproot.

Yes, previously we had dedicated standards (BIPs) for purpose fields on each 
variant: single-sig, multi-sig etc. With this proposal I simplify this: you 
will have dedicated deterministically-derived *hardened* keys for each use 
case under a single standard, which should simplify future wallet implementations.


> And as I said, dedicated branches only help for the simple case. For example, 
> it doesn't address the more general problem of preventing reuse of keys in 
> multiple distinct groups of multisig sets you participate in. If you want to 
> solve that you need to keep track of which index is for participating in what - 
> and once you have something like that you don't need dedicated purpose based 
> derivation at all anymore.

In the BIP proposal there is a part on how multisigs can be created in a simple 
and deterministic way without key reuse.


> So I'm not sure I'd state it as us *needing* a dedicated purpose/branch for 
> single-key P2TR (and probably many other useful ways of using taproot based 
> spending policies...). But perhaps it's useful to have.

My proposal is to have a new purpose field supporting all the above: hardened 
derivation that supports multisigs, single-sigs etc.


Kind regards,
Maxim

