On Wed, Oct 11, 2023 at 11:59:16PM +0000, Andrew Chow via bitcoin-dev wrote: > On 10/11/2023 07:47 PM, Anthony Towns wrote: > > On Tue, Oct 10, 2023 at 10:28:37PM +0000, Andrew Chow via bitcoin-dev wrote: > >> I've written up a BIP draft for MuSig2 PSBT fields. It can be viewed at > >> https://github.com/achow101/bips/blob/musig2-psbt/bip-musig2-psbt.mediawiki. > > > > I was hoping to see adaptor signature support in this; but it seems that's > > also missing from BIP 327? > This is the first time I've heard of that, so it wasn't something that I > considered adding to the BIP. Really the goal was to just be able to use > BIP 327.
Yeah, makes sense. The other related thing is anti-exfil; libwally's protocol for that (for ecdsa sigs) is described at: https://wally.readthedocs.io/en/release_0.8.9/anti_exfil_protocol/ https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/include/secp256k1_ecdsa_s2c.h Though that would probably want to have a PSBT_IN_S2C_DATA_COMMITMENT item provided before MUSIG2_PUB_NONCE was filled in, then PSBT_IN_S2C_DATA and PSBT_IN_NONCE_TWEAK can be provided. (Those all need to have specific relationships in order to be secure though) > But that doesn't preclude a future BIP that specifies how to use adaptor > signatures and to have additional PSBT fields for it. It doesn't look > like those are mutually exclusive in any way or that the fields that > I've proposed wouldn't still work. Yeah, it's just that it would be nice if musig capable signers were also capable of handling s2c/anti-exfil and tweaks/adaptor-sigs immediately, rather than it being a "wait for the next release" thing... > I don't know enough about the topic to really say much on whether or how > such fields would work. I think for signers who otherwise don't care about these features, the only difference is that you add the tweak to the musig nonces before hashing/signing, which is pretty straightforward. So I think, if it were specced, it'd be an easy win. Definitely shouldn't be a blocker though. Here's another idea for formatting the tables fwiw: https://github.com/ajtowns/bips/blob/d8a90cff616d6e5839748a1b2a50d32947f30850/bip-musig2-psbt.mediawiki Cheers, aj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
