I'm really happy to see this discussion. I don't have any comments on the spec
because I think I'd have to be more in-the-weeds trying to implement a hww to
understand how well it works for realistic use cases. But a strong concept-ACk
from me and thanks to Salvatore for exploring this!

On Mon, May 09, 2022 at 11:36:47AM +0000, darosior via bitcoin-dev wrote:
> Unrelated question, since you mentioned `musig2` descriptors in this context. 
> I thought Musig2 wasn't really
> feasible for hardware signing devices, especially stateless ones. Do you 
> think/know whether it is actually
> possible for a HW to take part in a Musig2?

As Salvatore mentioned in his reply, there are a couple ways that hwws can deal
with musig2 -- specifically, having state (and I believe you can get away with
as little state as a single monotonic counter) or having a RNG which is reliable
enough that it at least won't repeat values.

Because these aren't blockers for all hwws, even if they are blockers for some,
I'd really like to see musig2 support in these protocols, or at least for musig2
to be considered in their design.

Andrew Poelstra
Director of Research, Blockstream
Email: apoelstra at wpsoftware.net
Web:   https://www.wpsoftware.net/andrew

The sun is always shining in space
    -Justin Lewis-Webster

Attachment: signature.asc
Description: PGP signature

bitcoin-dev mailing list

Reply via email to