summaryrefslogtreecommitdiff
path: root/bip-schnorr.mediawiki
diff options
context:
space:
mode:
authorPieter Wuille <pieter.wuille@gmail.com>2019-10-25 10:18:29 -0700
committerGitHub <noreply@github.com>2019-10-25 10:18:29 -0700
commitda4721cdc62ba35230643723a0f01ca1f9fc397c (patch)
treea28dbc097bf270bf25726b93cd1f8356a9c1f57a /bip-schnorr.mediawiki
parent322ce53625fdb2be34e6b4ccfa3226cc96887e33 (diff)
Update bip-schnorr.mediawiki
Co-Authored-By: Tim Ruffing <tim@timruffing.de>
Diffstat (limited to 'bip-schnorr.mediawiki')
-rw-r--r--bip-schnorr.mediawiki3
1 files changed, 2 insertions, 1 deletions
diff --git a/bip-schnorr.mediawiki b/bip-schnorr.mediawiki
index f8d0f47..6830ec7 100644
--- a/bip-schnorr.mediawiki
+++ b/bip-schnorr.mediawiki
@@ -155,7 +155,8 @@ It should be noted that various alternative signing algorithms can be used to pr
'''Nonce exfiltration protection''' It is possible to strengthen the nonce generation algorithm using a second device. In this case, the second device contributes randomness which the actual signer provably incorporates into its nonce. This prevents certain attacks where the signer device is compromised and intentionally tries to leak the private key through its nonce selection.
-'''Multisignatures''' This signature scheme is compatible with various types of multisignature and threshold schemes, where a single public key requires holders of multiple private keys to participate in signing. One example is [https://eprint.iacr.org/2018/068 MuSig], which provides a way to aggregate multiple public keys into a single one, which all of the corresponding private keys need to sign for. It is important to note that multisignature signing schemes in general ''cannot'' be used with the nonce generation from the default signing algorithm above (or any deterministic nonce algorithm).
+'''Multisignatures''' This signature scheme is compatible with various types of multisignature and threshold schemes such as [https://eprint.iacr.org/2018/068 MuSig], where a single public key requires holders of multiple private keys to participate in signing (see Applications below).
+'''It is important to note that multisignature signing schemes in general are insecure with the nonce generation from the default signing algorithm above (or any deterministic nonce algorithm).'''
==== Verification ====