summaryrefslogtreecommitdiff
path: root/bip-0340.mediawiki
diff options
context:
space:
mode:
authorYannick Seurin <yannick.seurin@gmail.com>2024-05-06 11:39:15 +0200
committerGitHub <noreply@github.com>2024-05-06 11:39:15 +0200
commit1f1f24f0efad7604c57b3570d7cd0ccee68b4984 (patch)
tree0589c8b2a44732267fb2b7964d56d27f30365509 /bip-0340.mediawiki
parent4dcdadee675db63e241cda71cdfca9ebe96ce0bf (diff)
downloadbips-1f1f24f0efad7604c57b3570d7cd0ccee68b4984.tar.xz
spelling out FROST
Co-authored-by: Tim Ruffing <crypto@timruffing.de>
Diffstat (limited to 'bip-0340.mediawiki')
-rw-r--r--bip-0340.mediawiki2
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-0340.mediawiki b/bip-0340.mediawiki
index 03ec45d..1d9aa29 100644
--- a/bip-0340.mediawiki
+++ b/bip-0340.mediawiki
@@ -266,7 +266,7 @@ While recent academic papers claim that they are also possible with ECDSA, conse
By means of an interactive scheme such as [https://eprint.iacr.org/2020/1261.pdf MuSig2] ([[bip-0327.mediawiki|BIP327]]), participants can aggregate their public keys into a single public key which they can jointly sign for. This allows ''n''-of-''n'' multisignatures which, from a verifier's perspective, are no different from ordinary signatures, giving improved privacy and efficiency versus ''CHECKMULTISIG'' or other means.
-Moreover, Schnorr signatures are compatible with [https://en.wikipedia.org/wiki/Distributed_key_generation distributed key generation], which enables interactive threshold signatures schemes, e.g., the schemes described by [http://cacr.uwaterloo.ca/techreports/2001/corr2001-13.ps Stinson and Strobl (2001)], [https://link.springer.com/content/pdf/10.1007/s00145-006-0347-3.pdf Gennaro, Jarecki, Krawczyk, and Rabin (2007)], [https://eprint.iacr.org/2020/852.pdf Komlo and Goldberg (2020)], or [https://eprint.iacr.org/2023/899.pdf Chu, Gerhart, Ruffing, and Schröder (2023)]. These protocols make it possible to realize ''k''-of-''n'' threshold signatures, which ensure that any subset of size ''k'' of the set of ''n'' signers can sign but no subset of size less than ''k'' can produce a valid Schnorr signature.
+Moreover, Schnorr signatures are compatible with [https://en.wikipedia.org/wiki/Distributed_key_generation distributed key generation], which enables interactive threshold signatures schemes, e.g., the schemes by [http://cacr.uwaterloo.ca/techreports/2001/corr2001-13.ps Stinson and Strobl (2001)], by [https://link.springer.com/content/pdf/10.1007/s00145-006-0347-3.pdf Gennaro, Jarecki, Krawczyk, and Rabin (2007)], or the [https://eprint.iacr.org/2020/852.pdf FROST] scheme including its variants such as [https://eprint.iacr.org/2023/899.pdf FROST3]. These protocols make it possible to realize ''k''-of-''n'' threshold signatures, which ensure that any subset of size ''k'' of the set of ''n'' signers can sign but no subset of size less than ''k'' can produce a valid Schnorr signature.
=== Adaptor Signatures ===