How does MuSig work in actual Bitcoin eventualities? Questions on communication and steps

0
15
How does MuSig work in actual Bitcoin eventualities? Questions on communication and steps


Signature Era

  1. Let L = h(P1 || ... || Pn). Every participant computes the digest: ai = h(L || Pi).
  2. Compute the aggregated public key: X̃ = Σ (ai * Pi) for i = 1, ..., n. is made public.
  3. Every participant randomly selects ri and computes: Ri = ri * G. Every participant sends their dedication: ti = h(Ri) to all different individuals.
  4. After receiving the opposite n-1 commitments, every participant sends their level Ri.
  5. After receiving the opposite n-1 factors Ri, every participant verifies: ti = h(Ri) for all i ∈ {1, ..., n}.
  6. Calculate the aggregated level: Rsum = R1 + ... + Rn.
  7. Every participant computes the problem: c = h(Rsum || X̃ || M).
  8. Every participant calculates their partial signature: si = ri + c * di * ai mod N.Lastly, compute the aggregated signature: ssum = s1 + ... + sn mod N.
  9. The signature is the pair (Rsum, ssum).

Signature Verification
Examine if:
ssum * G = Rsum + c * X̃.

Questions:

  1. Sharing ti, Ri, and si:
    How do individuals ship their commitments (ti), share their Ri values, and alternate partial signatures (si)? What does this course of seem like in observe? Is there a regular, asynchronous, and user-friendly technique to handle this in software program? Or do individuals must manually compute their si, sum them, and share the outcomes forwards and backwards?

  2. Verification Course of:
    Who verifies the ultimate signature (Rsum, ssum)? When and the way does this verification occur in real-world Bitcoin use instances? Is the verification finished through P2SH scripts?
    And relating to the initiation of the verification course of—does a participant (e.g., one of many multisig signers) who has collected all of the Rsum and ssum values create the transaction from the P2SH handle? Or am I misunderstanding this circulate?

  3. What Occurs With out Commitments?
    What might an adversary do if the commitments (ti) weren’t a part of the protocol? What sort of assaults might happen, and the way would they exploit the dearth of commitments?

LEAVE A REPLY

Please enter your comment!
Please enter your name here