summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-01-19Add rationale on security assumptionsPieter Wuille
2020-01-19Add an informal summary of the designPieter Wuille
2020-01-19Improve and restructure motivation and designPieter Wuille
2020-01-19bip-taproot: example from diagramMatthew Zipkin
2020-01-19Update bip-schnorr.mediawikiPieter Wuille
Co-Authored-By: Tim Ruffing <crypto@timruffing.de>
2020-01-19Linearity makes sign-for-sum-of-keys easier, not possible entirely.Pieter Wuille
I'm sure it's possible to construct a complex MPC that can sign for the sum of keys under ECDSA as well.
2020-01-19Update bip-schnorr.mediawikiTim Ruffing
2020-01-19Mention that we don't change the hash functionTim Ruffing
2020-01-19Completely specifiedPieter Wuille
2020-01-19Low-S ECDSA is non-malleable under nonstandard assumptionsPieter Wuille
2020-01-19Replace private key with secret keyJonas Nick
2020-01-19Clarify why we don't want short hashesTim Ruffing
This is supposed to supersede https://github.com/sipa/bips/pull/158. I tried to say this carefully. I don't think that multiparty signing is in general broken with short hashes. For example the attack in #158 could be avoided by letting everybody not only commit to the nonce but also to the message. It's just that using a collision-resistant hash just eliminates the problem entirely...
2020-01-19Fix reference formattingHennadii Stepanov
2020-01-19Typo: script signature max bytes unhashed are 247Orfeas Stefanos Thyfronitis Litos
2020-01-19Typo: max bytes hashed for sig is 210Orfeas Stefanos Thyfronitis Litos
2020-01-19Replace BIP66 link with BIP146Orfeas Stefanos Thyfronitis Litos
BIP66 does not mention the inherent ECDSA malleability, but BIP146 does
2020-01-19fix singular/plural ambiguitystefanwouldgo
2020-01-19Replace signing with signature before validationOrfeas Stefanos Thyfronitis Litos
2020-01-19Link to proof sketch of security of implicit YOrfeas Stefanos Thyfronitis Litos
Thanks to @ajtowns for providing the link
2020-01-19Mention that miners could malleate signaturesOrfeas Stefanos Thyfronitis Litos
2020-01-19Mention hash_type malleability would change wtxidOrfeas Litos
2020-01-19Clarify bip-taproot digest difference to bip143 regarding sub-hashesJonas Nick
2020-01-19Improve clarity of footnotes for lift_xJonas Nick
2020-01-19Replace references to Euler's criterion with Legendre symbol in bip-schnorrJonas Nick
2020-01-19Fix bip-schnorr footnote 7 by specifying that we're referring to P's y ↵Jonas Nick
coordinate and not some undefined 'x'
2020-01-19Fix @jonasnick's commentKalle Rosenbaum
2020-01-19NitsKalle Rosenbaum
2020-01-19Replace "both are not" with "neither is"Orfeas Litos
2020-01-19Update bip-tapscript.mediawikiandrewtoth
2020-01-19Add missing closing parenthesis and commaandrewtoth
2020-01-19Fix paragraph naming and typoHennadii Stepanov
2020-01-19Rephrase "previous design choice" to "list above"Orfeas Stefanos Thyfronitis Litos
2020-01-19grammar typo fix: inserted "be"stefanwouldgo
2020-01-19Rename is_y_square to is_negated in taproot signingJonas Nick
2020-01-19Add missing dots that denote multiplicationDmitry Petukhov
Throughout the document, elliptic curve multiplication is denoted with dots, as in `d'⋅G` as opposed to `d'G`. This is not the case in one place in the 'Default Signing' section, and one place in 'Adaptor Signatures' section Missing dots are added for consistency.
2020-01-19Add missing quoteOrfeas Stefanos Thyfronitis Litos
2020-01-19Fix typo in schnorr, footnote 2Orfeas Stefanos Thyfronitis Litos
2020-01-19make clear it's script branchMax Hillebrand
In this context we are talking about the script branch, not the Merkle tree branch, right? If so, then this should clear things up a little.
2020-01-19tapscript: fix minor typoThomas Kerin
2020-01-19 bip-taproot: clarify bip-schnorr reference codeJon Atack
- update the paragraph in question to more clearly convey that the helper functions, and not the Python3 example code, are from the bip-schnorr reference code - add a link to the reference code in https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr/reference.py
2020-01-19Add links to unlinked BIPsOrfeas Stefanos Thyfronitis Litos
Only first mention of each BIP is made into a link
2020-01-19Add clarification of semantics of 0x00 hash typeAdam Gibson
2020-01-19G refers to secp256k1 base point rather generatorHennadii Stepanov
2020-01-19FIX: BIPs should be specified as lowercase to match filenamesAnthony
2020-01-19ADD: Require Schnorr and Taproot BIPs for TapscriptAnthony
https://github.com/sipa/bips/pull/135#issuecomment-552754867
2020-01-19ADD: Require Schnorr BIP for TaprootAnthony
Per https://github.com/bitcoin/bips/blob/master/bip-0001.mediawiki: "BIPs may have a Requires header, indicating the BIP numbers that this BIP depends on"
2020-01-19tweak 211 bytes textDev Random
2020-01-19clarify 211 hash bytes and non-reuse of keysDevrandom
2020-01-19remind reader where [:] is definedGregory Sanders
in addition to `point`. This caused confusion for one reader who expected inclusive at end of range.
2020-01-19Replace R with P in taproot_tweak_seckeyOrfeas Stefanos Thyfronitis Litos