Hi all, https://github.com/AdamISZ/schnorr-unembeddability/
Here I'm analyzing whether the following statement is true: "if you can embed data into a (P, R, s) tuple (Schnorr pubkey and signature, BIP340 style), without grinding or using a sidechannel to "inform" the reader, you must be leaking your private key". See the abstract for a slightly more fleshed out context. I'm curious about the case of P, R, s published in utxos to prevent usage of utxos as data. I think this answers in the half-affirmative: you can only embed data by leaking the privkey so that it (can) immediately fall out of the utxo set. (To emphasize, this is different to the earlier observations (including by me!) that just say it is *possible* to leak data by leaking the private key; here I'm trying to prove that there is *no other way*). However I still am probably in the large majority that thinks it's appalling to imagine a sig attached to every pubkey onchain. Either way, I found it very interesting! Perhaps others will find the analysis valuable. Feedback (especially of the "that's wrong/that's not meaningful" variety) appreciated. Regards, AdamISZ/waxwing -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/0f6c92cc-e922-4d9f-9fdf-69384dcc4086n%40googlegroups.com.
