mirror of https://github.com/bitcoin/bips.git synced 2024-11-19 09:50:06 +01:00
Commit Graph

48 Commits

Author SHA1 Message Date
Yannick Seurin
5d10163efc
more precise wording
Co-authored-by: Tim Ruffing <crypto@timruffing.de>
2024-05-06 11:40:02 +02:00
Yannick Seurin
1f1f24f0ef
spelling out FROST
Co-authored-by: Tim Ruffing <crypto@timruffing.de>
2024-05-06 11:39:15 +02:00
Yannick Seurin
4dcdadee67 update changelog 2024-05-03 10:32:42 +02:00
Yannick Seurin
1ed7d03393 more precise wording for key-prefixing justification 2024-05-03 10:31:27 +02:00
Yannick Seurin
2c017b0c0b link to BIP327 2024-04-30 11:42:38 +02:00
Yannick Seurin
f75184b8d8 updating info on multi-, threshold, and blind signatures 2024-04-30 11:34:30 +02:00
Tim Ruffing
d80e437ab1 bip340: Add subsection on Domain Separation 2023-04-20 16:01:00 -04:00
Tim Ruffing
200f9b26fe bip340: Allow variable-length messages 2023-04-20 16:01:00 -04:00
Pieter Wuille
6163d36d0b bip340: clarify that tags are byte arrays 2023-04-20 15:56:28 -04:00
Christian Lewe
43fa7cf13d Mark Taproot BIPs as Final 2023-02-19 16:16:13 +01:00
Jonas Nick
3998dbbc8a BIP 340: fix function signature of lift_x in reference code
bip-0340.mediawiki defines lift_x as taking an integer argument. This commit
changes the argument of lift_x in the reference code to be identical to the
specification. Previously it took a byte array.
2022-08-23 10:07:32 +00:00
Jonas Nick
0144413e91 bip-0340: clarify that lift_x fails with out-of-range inputs
Without this commit, it's not defined what happens if x is not in range 0..p-1.
However, lift_x may easily be called with out of range values. The reference
implementation of lift_x correctly returns failure in such cases.
2022-06-20 13:43:56 +00:00
Samuel Dobson
d58f2b29f7 BIP340: fix broken link to Schnorr's blind signature attack 2022-01-21 21:59:30 +13:00
Jonas Nick
255b5b67c0 BIP340: remove batch speedup graph and link to it instead
This avoids having to update the BIP with a fresh graph every time there's a
change to libsecp and suggests that the expected speedup depends on the specific
implementation.
2021-05-17 14:55:13 +00:00
Orfeas Litos
23782b8693
Remove the term "secret nonce", only refer to s 2020-11-30 14:30:47 +00:00
Orfeas Litos
cf32b7bd39
Say that public nonce is R and private nonce is s 2020-11-30 12:31:10 +00:00
Pieter Wuille
3b1fb9600b Clarify that R=infinity is invalid in BIP340
Also rename is_infinity to is_infinite in reference implementation,
to match the wording in BIP340.
2020-09-03 14:38:22 -07:00
Pieter Wuille
b6b0715c28 Clarify that Jacobian coordinates are the optimization, not the Legendre symbol 2020-08-26 15:56:23 -07:00
Pieter Wuille
8a3db73a84 Rename lift_x_even_y to lift_x 2020-08-20 13:24:20 -07:00
Pieter Wuille
5dadeb3e1c Change tags to avoid collisions with earlier draft 2020-08-20 13:24:20 -07:00
Pieter Wuille
968096c451 Switch to even tiebreaker for R 2020-08-20 13:24:16 -07:00
Tim Ruffing
e98888322f
BIP340: Fix typo 2020-08-04 18:57:16 +02:00
Pieter Wuille
e331aadf92
Merge pull request #206 from jonasnick/some-fixups
BIP-0340: Miscellaneous fixups
2020-07-21 19:38:23 -07:00
Jonas Nick
7e9b4dd620 BIP-0340: note that adapting the spec to other curves is insecure 2020-07-21 18:44:46 +00:00
Pieter Wuille
005586d2fd Clarify security argument of x-only pubkeys better 2020-07-20 14:39:28 -07:00
Jonas Nick
2611302d83 BIP-0340: Remove last remaining mention of Jacobi symbol
Jacobi symbol can be confusing because it may suggest that the modulus is
composite.

Thanks to Alan Szepieniec for pointing out this issue.
2020-07-18 20:14:51 +00:00
Jonas Nick
804538f141 BIP-0340: small fixups
- key prefixing means prefixing the message
- array indexing starts with 0
- 'Gennaro' is spelled with two n's
- has_even_y definition takes P as argument

Thanks to Alan Szepieniec for pointing out these issues.
2020-07-18 20:14:36 +00:00
Tim Ruffing
a6301c5af0 Optionally print intermediate values in reference code
and make reference code and pseudocode more consistent with each other
2020-03-12 21:15:52 +01:00
Tim Ruffing
cd19095fb0 Switch to only 32 bytes aux 2020-02-29 11:21:24 +01:00
Tim Ruffing
4f482a6748
Fix a few minor issues
* Recommend a byte length for aux random data
* Clarify that with signature verification by default at the end of the signing algorithm, using public keys from untrusted sources is not an issue.
* A few editorial nits
2020-02-24 21:59:13 +01:00
Pieter Wuille
88d30c704f Address comments 2020-02-23 19:45:10 -08:00
Pieter Wuille
806b46fde1 Switch to new synth nonce scheme and make it default 2020-02-23 19:43:20 -08:00
Anthony Towns
453947f43a give bip32 conversion its own section 2020-02-23 19:40:21 -08:00
Anthony Towns
455504b3af Include d in nonce rather than d' 2020-02-23 19:40:19 -08:00
Anthony Towns
8a009b90d8 notes about precomputed pubkey data 2020-02-23 19:39:00 -08:00
Pieter Wuille
d11cf65b6c Change tags to prevent inconsistent breakage with earlier draft 2020-02-23 19:35:22 -08:00
Pieter Wuille
6581a87ff2 Switch to even-y tiebreaker for pubkeys 2020-02-23 19:33:35 -08:00
Jonas Nick
ddc31eb6f6 BIP-340: Improve wording of recommendation for fresh secret keys 2020-02-23 19:33:13 -08:00
Jonas Nick
8b4f79b6f6 BIP-340: Stress that secret key should be fresh and if not then RFC6979 shouldn't be used 2020-02-23 19:33:13 -08:00
Keagan McClelland
4b18c45e74
Update bip-0340.mediawiki 2020-02-23 13:43:25 -08:00
Luke Dashjr
99d4de01cd
Merge pull request #884 from RandyMcMillan/patch-2
bip-0340: typo change intent to intend
2020-02-19 22:47:00 +00:00
Jonas Nick
b4255dc83b BIP 340: Recommend verifying the signing output 2020-01-28 22:04:39 +00:00
Jonas Nick
2874f1ffe7 BIP 340: Recommend synthetic nonces 2020-01-28 22:04:34 +00:00
@RandyMcMillan
66ab3565ef
change intent to intend 2020-01-26 16:44:37 -05:00
Pieter Wuille
9cf4038f17 fix BIP links 2020-01-20 07:35:26 -08:00
Pieter Wuille
c3b91dcc22 Fixes to headers 2020-01-19 14:48:58 -08:00
Pieter Wuille
e1914b8173 fixes 2020-01-19 14:48:58 -08:00
Pieter Wuille
1faa4b19bc Rename BIPs 2020-01-19 14:47:33 -08:00