Sorry there were typos:
- Using MuSig's solution for the blinding factor (e)
- Using interpolation to enhance MuSig to be M of N instead of M of M
References:
- MuSig https://blockstream.com/2018/01/23/musig-key-aggregation-
schnorr-signatures.html
- HomPrf
Hi, thanks for all the help. I'm going to summarize again, and see if
we've arrived at the correct solution for an M of N "single sig" extension
of MuSig, which I think we have.
- Using MuSig's solution for the blinding to solve the Wagner attack
- Using interpolation to enhance MuSig to be M
That's a great point. It's been solved in musig and that doesn't change
the m of n multisig construction.
You use the same musig construction where you hash all keys and sum the
multiplesand use that when computing k ... the shared blinding
factor you're still improving the system
