mirrors/bitcoin-bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-02-26 08:59:43 +01:00
Code Issues Projects Releases Wiki Activity

Formulate claims about BatchVerify more accurately

Browse source
This commit is contained in:
Pieter Wuille 2019-10-15 12:11:17 -07:00
parent 0655cc3c64
commit 1442d4dabc
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bip-schnorr.mediawiki
View file

@ -192,7 +192,7 @@ The algorithm ''BatchVerify(pk<sub>1..u</sub>,m<sub>1..u</sub>,sig<sub>1..u</sub
* Fail if ''(s<sub>1</sub> + a<sub>2</sub>s<sub>2</sub> + ... + a<sub>u</sub>s<sub>u</sub>)⋅G &ne; R<sub>1</sub> + a<sub>2</sub>⋅R<sub>2</sub> + ... + a<sub>u</sub>⋅R<sub>u</sub> + e<sub>1</sub>⋅P<sub>1</sub> + (a<sub>2</sub>e<sub>2</sub>)⋅P<sub>2</sub> + ... + (a<sub>u</sub>e<sub>u</sub>)⋅P<sub>u</sub>''.
* Return success iff no failure occurred before reaching this point.
With overwhelming probability, ''BatchVerify(pk<sub>1..u</sub>,m<sub>1..u</sub>,sig<sub>1..u</sub>) = Verify(pk<sub>1</sub>,m<sub>1</sub>,sig<sub>1</sub>) and Verify(pk<sub>2</sub>,m<sub>2</sub>,sig<sub>2</sub>) and ... and Verify(pk<sub>u</sub>,m<sub>u</sub>,sig<sub>u</sub>)''. If all signatures are valid it will always succeed. If one or more signatures are invalid, it will succeed with probability ''2<sup>-n</sup>''.
If all individual signatures are valid (i.e., ''Verify'' would return success for them), ''BatchVerify'' will always return success. If at least one signature is invalid, ''BatchVerify'' will return success with at most a negligable probability.
=== Optimizations ===