To save space, start with the wiki terminology on schnorr sigs. Consider changing the "e" term in the schnorr algorithm to hash of message (elligator style) to the power of r, rather than using concatenation.
I don't think this changes the security. An attacker would need to know k to either way to compromise the private key. This would allow m of n devices to sign a transaction without any of them knowing a private key at all. IE: each device can roll a random number as a share and the interpolation of that is the private key. The public shares can be broadcast and combines. And signature shares can be broadcast and combined. The net result of this is it really possible for an arbitrary set of devices to create a perfectly secure public-private key pair set. At no point was the private key anywhere.
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
