Bitcoin Forum
May 07, 2024, 10:04:52 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Okamoto Beats Schnorr
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Okamoto Beats Schnorr  (Read 154 times)
Manfred Macx (OP)
Full Member
***
Offline Offline

Activity: 205
Merit: 105


View Profile WWW
June 02, 2018, 06:21:17 PM
 #1
Once in a while I will browse through IACR papers and read through interesting ones. Today I've encoutered this

https://eprint.iacr.org/2018/417.pdf Okamoto Beats Schnorr: On the Provable Security of Multi-Signatures

The authors claim they found a hole in security proof of MuSig:
Quote
Our first result essentially shows that the CoSi and MuSig schemes cannot be proved secure. (This obviously contradicts the security proof of MuSig [21], but we point out that the proof is flawed.) More precisely, we prove that if the OMDL problem is hard, then there cannot exist an algebraic black-box reduction that proves CoSi or MuSig secure under the DL or OMDL assumption.

I'm reading through it but it goes over my head. Anyone more knowledgeable care to comment on the MuSig security proof flaw?
http://www.meetup.com/Bitcoin-Group-Zagreb/
http://btc-croatia.blogspot.hr/
It is a common myth that Bitcoin is ruled by a majority of miners. This is not true. Bitcoin miners "vote" on the ordering of transactions, but that's all they do. They can't vote to change the network rules.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 3388
Merit: 6631


Just writing some code


View Profile WWW
June 03, 2018, 05:34:16 AM
 #2
The MuSig paper has been updated to address the security flaw. See https://twitter.com/pwuille/status/998314349969031170
Bitcoin Core contributor | Tip Me! | GitHub | GPG Key Fingerprint 0x17565732E08E5E41
Manfred Macx (OP)
Full Member
***
Offline Offline

Activity: 205
Merit: 105


View Profile WWW
June 03, 2018, 07:14:35 AM
 #3
Quote from: achow101 on June 03, 2018, 05:34:16 AM
The MuSig paper has been updated to address the security flaw. See https://twitter.com/pwuille/status/998314349969031170

Ah, great. Thank you. I don't follow Twitter so I did not know about this.
http://www.meetup.com/Bitcoin-Group-Zagreb/
http://btc-croatia.blogspot.hr/
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Okamoto Beats Schnorr
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!