> For deterministic nonces, you generate r=H(p,m) based on the message
> being signed and your private key, so can only start this process when
> you start signing, and the sharing rounds mean interactivity.
It's not your point but it should be noted that this is not secure unless all
other signer
On Tue, Nov 27, 2018 at 10:33:30PM -0800, Devrandom via bitcoin-dev wrote:
> Are there any candidates for non-interactive threshold signatures?
> Interactive
> signatures are not very suitable for air-gapped use cases.
I think you can work around this to some extent by "batching" signing
request
Hi,
AFAIK, There is no way to do threshold signatures non-interactively for the
general case of t out of n. Even if you are willing to maintain additional
data structure on top of the standard and change verification algorithm
(see for example appendix B in [1] where they use bitmaps).
The best w
Hi Omer,
Are there any candidates for non-interactive threshold signatures?
Interactive signatures are not very suitable for air-gapped use cases.
On Tue, Nov 27, 2018 at 11:18 AM Omer Shlomovits via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hello all,
>
> I am working for th
Hello all,
I am working for the past few months with collaborators (in cc) on
providing Rust reference implementations to existing multi party schemes
for Schnorr signatures [1]. This includes aggregated signatures,
accountable signatures (which for n out of n are multi-signatures) and
threshold s
