--- Original Message ---
On Thursday, July 28th, 2022 at 11:51 AM, Ali Sherief
wrote:
> The way I understood the BIP, was that a user can do batch recovery or
> single-key recovery. Can you explain how it is possible to recover a public
> key from a single-key signature, because a few
> Yes, that's an intentional design choice in BIP340, see note 5:
> https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#cite_ref-5-0.
> The choice is either batch verifiability or public key recovery.
The way I understood the BIP, was that a user can do batch recovery or
single-key
--- Original Message ---
On Thursday, July 28th, 2022 at 3:27 AM, Ali Sherief via bitcoin-dev
wrote:
> Essentially, zero-knowledge proofs such as Schnorr are not compatible with
> address message signing - the public key cannot be retrieved from the address
> or the signature, so the
Here is an except of the BIP-notatether-messageverify thread, where I
contemplate how to implement address/message signing support for Taproot i.e.
Schnorr signatures, in my post at:
https://bitcointalk.org/index.php?topic=5407517.msg60642144#msg60642144
(stripped of bbcode formatting)
==