I'm really happy to see this discussion. I don't have any comments on the spec because I think I'd have to be more in-the-weeds trying to implement a hww to understand how well it works for realistic use cases. But a strong concept-ACk from me and thanks to Salvatore for exploring this!
On Mon, May 09, 2022 at 11:36:47AM +0000, darosior via bitcoin-dev wrote: > > Unrelated question, since you mentioned `musig2` descriptors in this context. > I thought Musig2 wasn't really > feasible for hardware signing devices, especially stateless ones. Do you > think/know whether it is actually > possible for a HW to take part in a Musig2? > As Salvatore mentioned in his reply, there are a couple ways that hwws can deal with musig2 -- specifically, having state (and I believe you can get away with as little state as a single monotonic counter) or having a RNG which is reliable enough that it at least won't repeat values. Because these aren't blockers for all hwws, even if they are blockers for some, I'd really like to see musig2 support in these protocols, or at least for musig2 to be considered in their design. -- Andrew Poelstra Director of Research, Blockstream Email: apoelstra at wpsoftware.net Web: https://www.wpsoftware.net/andrew The sun is always shining in space -Justin Lewis-Webster
signature.asc
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
