On Sun, Jul 8, 2018, 07:26 Erik Aronesty via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote:
> To save space, start with the wiki terminology on schnorr sigs. > > Consider changing the "e" term in the schnorr algorithm to hash of message > (elligator style) to the power of r, rather than using concatenation. > This is a very vague description. Is there some paper you can reference, or a more detailed explanation of the algorithm? This would allow m of n devices to sign a transaction without any of them > knowing a private key at all. > IE: each device can roll a random number as a share and the interpolation > of that is the private key. > > The public shares can be broadcast and combines. And signature shares can > be broadcast and combined. > > The net result of this is it really possible for an arbitrary set of > devices to create a perfectly secure public-private key pair set. > At no point was the private key anywhere. > All of this sounds like a threshold signature scheme, which as Tim pointed out is already possible with Schnorr. What are the advantages of what you're describing? Cheers, -- Pieter
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
