On Wed, Aug 29, 2018 at 08:09:36AM -0400, Erik Aronesty wrote:
> Note:
> This spec cannot be used directly with a shamir scheme to produce
> single-round threshold multisigs, because shares of point R would need to
> be broadcast to share participants in order to produce valid single
> signatures.
> (R, s) schemes can still be used "online", if share participants publish
> the R(share).... but, not sure if it matter much, this choice eliminates
> offline multiparty signing in exchange for batch validation.

Please stop with this FUD. No tradeoff was made. There are no non-interactive
Schnorr signatures.


Andrew Poelstra
Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web:   https://www.wpsoftware.net/andrew

"A goose alone, I suppose, can know the loneliness of geese
 who can never find their peace,
 whether north or south or west or east"
       --Joanna Newsom

Attachment: signature.asc
Description: PGP signature

bitcoin-dev mailing list

Reply via email to