On Sun, Jul 8, 2018, 21:29 Erik Aronesty <e...@q32.com> wrote:

> Because it's non-interactive, this construction can produce multisig
> signatures offline.   Each device produces a signature using it's own
> k-share and x-share.   It's only necessary to interpolate M of n shares.
> There are no round trips.
> The security is Shamir + discrete log.
> it's just something I've been tinkering with and I can't see an obvious
> problem.
> It's basically the same as schnorr, but you use a threshold hash to fix
> the need to be online.
> Just seems more useful to me.

That sounds very useful if true, but I don't think we should include novel
cryptography in Bitcoin based on your not seeing an obvious problem with it.

I'm looking forward to seeing a more complete writeup though.


bitcoin-dev mailing list

Reply via email to