Replies: 2 comments
-
No, you'd need to fork the library. Our implementation supports only MuSig2 as specified in BIP327.
Note that this is not at all an "official" variant of MuSig2. (I'm not even sure it actually resembles MuSig2.) We can't vouch for its security. Blind Schnorr signatures (even in the single-signer case) are vulnerable to Wagner's attack when concurrent signing sessions are possible.
-
Thanks for the answer. So I forked this library and added the blinding factor. The scheme is And I also added two new functions so that the server doesn't know the aggregated public key and the key aggregation coefficient.
-
I'm trying to implement a blinded MuSig2 protocol as suggested in https://github.com/commerceblock/mercury/blob/master/layer/protocol.md#signature-generation.

The protocol considers the aggregated nonce as `R_1 = R1_1 + r2_1.G + b1.P`, where `R1_1` and `R2_1` are public nonces (`secp256k1_musig_pubnonce`), `b1` is a secret nonce (blind factor / `secp256k1_musig_secnonce`) and `P` is the aggregated public key (`secp256k1_xonly_pubkey`).

Is it possible to generate `b1.P` (instead of `b1.G`) as a public nonce for secret nonce `b1` using secp256k1-zkp lib? `secp256k1_musig_nonce_gen` doesn't seem to support this.
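
The algebra behind the `b1.P` term, as an added example that is not part of the discussion, the Mercury protocol document or secp256k1-zkp: a single-signer blind Schnorr round in pure Python, where `b.P` is an ordinary scalar multiplication of the public key rather than the output of a nonce generator. Assumptions: the names `a`, `b` and `blind_sign`, the SHA-256 challenge encoding and the single-signer simplification are the example's own (no BIP340 x-only rules, no MuSig2 key aggregation coefficient), and it models one session only, so it says nothing about the concurrent-session weakness noted in the reply.

```python
import hashlib, secrets  # needs Python 3.8+ for pow(x, -1, m)

FP = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    if A[0] == B[0] and (A[1] + B[1]) % FP == 0:
        return None
    if A == B:
        lam = 3 * A[0] * A[0] * pow(2 * A[1] % FP, -1, FP)
    else:
        lam = (B[1] - A[1]) * pow((B[0] - A[0]) % FP, -1, FP)
    x = (lam * lam - A[0] - B[0]) % FP
    return (x, (lam * (A[0] - x) - A[1]) % FP)

def mul(k, A):
    """Double-and-add scalar multiplication (not constant time)."""
    R, k = None, k % N
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def challenge(R, P, msg):
    # Constructed encoding for the example, not the BIP340 tagged hash.
    data = b"".join(v.to_bytes(32, "big") for v in (*R, *P)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def verify(P, msg, R, s):
    return mul(s, G) == add(R, mul(challenge(R, P, msg), P))

def blind_sign(x, msg):
    P = mul(x, G)
    r = secrets.randbelow(N - 1) + 1           # signer: secret nonce
    R = mul(r, G)                              # signer -> user
    a, b = (secrets.randbelow(N - 1) + 1 for _ in range(2))
    R_blind = add(add(R, mul(a, G)), mul(b, P))  # R + a.G + b.P
    c_blind = challenge(R_blind, P, msg)       # challenge of the final signature
    c = (c_blind + b) % N                      # user -> signer: shifted challenge
    s = (r + c * x) % N                        # signer -> user
    s_blind = (s + a) % N                      # user unblinds
    # s_blind.G = R + c.P + a.G = R_blind + c_blind.P, so (R_blind, s_blind) verifies
    return P, (R_blind, s_blind), (R, c, s)
```
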