Yannick Seurin
5d10163efc
more precise wording
Co-authored-by: Tim Ruffing <crypto@timruffing.de>
2024-05-06 11:40:02 +02:00
Yannick Seurin
1f1f24f0ef
spelling out FROST
Co-authored-by: Tim Ruffing <crypto@timruffing.de>
2024-05-06 11:39:15 +02:00
Yannick Seurin
4dcdadee67
update changelog
2024-05-03 10:32:42 +02:00
Yannick Seurin
1ed7d03393
more precise wording for key-prefixing justification
2024-05-03 10:31:27 +02:00
Yannick Seurin
2c017b0c0b
link to BIP327
2024-04-30 11:42:38 +02:00
Yannick Seurin
f75184b8d8
updating info on multi-, threshold, and blind signatures
2024-04-30 11:34:30 +02:00
Tim Ruffing
d80e437ab1
bip340: Add subsection on Domain Separation
2023-04-20 16:01:00 -04:00
Tim Ruffing
200f9b26fe
bip340: Allow variable-length messages
2023-04-20 16:01:00 -04:00
Pieter Wuille
6163d36d0b
bip340: clarify that tags are byte arrays
2023-04-20 15:56:28 -04:00
Christian Lewe
43fa7cf13d
Mark Taproot BIPs as Final
2023-02-19 16:16:13 +01:00
Jonas Nick
3998dbbc8a
BIP 340: fix function signature of lift_x in reference code
bip-0340.mediawiki defines lift_x as taking an integer argument. This commit
changes the argument of lift_x in the reference code to be identical to the
specification. Previously it took a byte array.
2022-08-23 10:07:32 +00:00
Jonas Nick
0144413e91
bip-0340: clarify that lift_x fails with out-of-range inputs
Without this commit, it's not defined what happens if x is not in range 0..p-1.
However, lift_x may easily be called with out of range values. The reference
implementation of lift_x correctly returns failure in such cases.
2022-06-20 13:43:56 +00:00
Samuel Dobson
d58f2b29f7
BIP340: fix broken link to Schnorr's blind signature attack
2022-01-21 21:59:30 +13:00
Jonas Nick
255b5b67c0
BIP340: remove batch speedup graph and link to it instead
This avoids having to update the BIP with a fresh graph every time there's a
change to libsecp and suggests that the expected speedup depends on the specific
implementation.
2021-05-17 14:55:13 +00:00
Orfeas Litos
23782b8693
Remove the term "secret nonce", only refer to s
2020-11-30 14:30:47 +00:00
Orfeas Litos
cf32b7bd39
Say that public nonce is R and private nonce is s
2020-11-30 12:31:10 +00:00
Pieter Wuille
3b1fb9600b
Clarify that R=infinity is invalid in BIP340
Also rename is_infinity to is_infinite in reference implementation,
to match the wording in BIP340.
2020-09-03 14:38:22 -07:00
Pieter Wuille
b6b0715c28
Clarify that Jacobian coordinates are the optimization, not the Legendre symbol
2020-08-26 15:56:23 -07:00
Pieter Wuille
8a3db73a84
Rename lift_x_even_y to lift_x
2020-08-20 13:24:20 -07:00
Pieter Wuille
5dadeb3e1c
Change tags to avoid collisions with earlier draft
2020-08-20 13:24:20 -07:00
Pieter Wuille
968096c451
Switch to even tiebreaker for R
2020-08-20 13:24:16 -07:00
Tim Ruffing
e98888322f
BIP340: Fix typo
2020-08-04 18:57:16 +02:00
Pieter Wuille
e331aadf92
Merge pull request #206 from jonasnick/some-fixups
BIP-0340: Miscellaneous fixups
2020-07-21 19:38:23 -07:00
Jonas Nick
7e9b4dd620
BIP-0340: note that adapting the spec to other curves is insecure
2020-07-21 18:44:46 +00:00
Pieter Wuille
005586d2fd
Clarify security argument of x-only pubkeys better
2020-07-20 14:39:28 -07:00
Jonas Nick
2611302d83
BIP-0340: Remove last remaining mention of Jacobi symbol
Jacobi symbol can be confusing because it may suggest that the modulus is
composite.
Thanks to Alan Szepieniec for pointing out this issue.
2020-07-18 20:14:51 +00:00
Jonas Nick
804538f141
BIP-0340: small fixups
- key prefixing means prefixing the message
- array indexing starts with 0
- 'Gennaro' is spelled with two n's
- has_even_y definition takes P as argument
Thanks to Alan Szepieniec for pointing out these issues.
2020-07-18 20:14:36 +00:00
Tim Ruffing
a6301c5af0
Optionally print intermediate values in reference code
and make reference code and pseudocode more consistent with each other
2020-03-12 21:15:52 +01:00
Tim Ruffing
cd19095fb0
Switch to only 32 bytes aux
2020-02-29 11:21:24 +01:00
Tim Ruffing
4f482a6748
Fix a few minor issues
* Recommend a byte length for aux random data
* Clarify that with signature verification by default at the end of the signing algorithm, using public keys from untrusted sources is not an issue.
* A few editorial nits
2020-02-24 21:59:13 +01:00
Pieter Wuille
88d30c704f
Address comments
2020-02-23 19:45:10 -08:00
Pieter Wuille
806b46fde1
Switch to new synth nonce scheme and make it default
2020-02-23 19:43:20 -08:00
Anthony Towns
453947f43a
give bip32 conversion its own section
2020-02-23 19:40:21 -08:00
Anthony Towns
455504b3af
Include d in nonce rather than d'
2020-02-23 19:40:19 -08:00
Anthony Towns
8a009b90d8
notes about precomputed pubkey data
2020-02-23 19:39:00 -08:00
Pieter Wuille
d11cf65b6c
Change tags to prevent inconsistent breakage with earlier draft
2020-02-23 19:35:22 -08:00
Pieter Wuille
6581a87ff2
Switch to even-y tiebreaker for pubkeys
2020-02-23 19:33:35 -08:00
Jonas Nick
ddc31eb6f6
BIP-340: Improve wording of recommendation for fresh secret keys
2020-02-23 19:33:13 -08:00
Jonas Nick
8b4f79b6f6
BIP-340: Stress that secret key should be fresh and if not then RFC6979 shouldn't be used
2020-02-23 19:33:13 -08:00
Keagan McClelland
4b18c45e74
Update bip-0340.mediawiki
2020-02-23 13:43:25 -08:00
Luke Dashjr
99d4de01cd
Merge pull request #884 from RandyMcMillan/patch-2
bip-0340: typo change intent to intend
2020-02-19 22:47:00 +00:00
Jonas Nick
b4255dc83b
BIP 340: Recommend verifying the signing output
2020-01-28 22:04:39 +00:00
Jonas Nick
2874f1ffe7
BIP 340: Recommend synthetic nonces
2020-01-28 22:04:34 +00:00
@RandyMcMillan
66ab3565ef
change intent to intend
2020-01-26 16:44:37 -05:00
Pieter Wuille
9cf4038f17
fix BIP links
2020-01-20 07:35:26 -08:00
Pieter Wuille
c3b91dcc22
Fixes to headers
2020-01-19 14:48:58 -08:00
Pieter Wuille
e1914b8173
fixes
2020-01-19 14:48:58 -08:00
Pieter Wuille
1faa4b19bc
Rename BIPs
2020-01-19 14:47:33 -08:00