Blog

### Multiparty S6

Posted by: Adam Gibson | in Bitcoin | 2 months, 3 weeks ago | 10 comments

## The multiparty symmetrical Schnorr signature scriptless script shuffle

This blog is in the category of "a new-ish idea about privacy tech"; like similar previous ones (e.g.: CoinJoinXT) it is little more than an idea, in this case I believe it is correct, but (a) I could be wrong and there could be a flaw in the thinking and (b) it's not entirely clear how practically realistic it will be. What I do hope, however, is that the kernel of this idea is useful, perhaps in Layer 2 tech or in something I haven't even thought about.

### Ring signatures

Posted by: Adam Gibson | in Cryptography | 5 months ago | 0 comments

## Outline:

• Basic goal of 1-of-$$N$$ ring signatures
• Recap: the $$\Sigma$$-protocol
• OR of $$\Sigma$$-protocols, CDS 1994
• Abe-Ohkubo-Suzuki (AOS) 2002 (broken version)
• Security weaknesses
• Key prefixing
• Borromean, Maxwell-Poelstra 2015
• AND of $$\Sigma$$-protocols, DLEQ
• Liu-Wei-Wong 2004
• Security arguments for the LWW LSAG
• Back 2015; compression, single-use
• Fujisaki-Suzuki 2007 and Cryptonote 2014
• Monero MLSAG

## Basic goal of 1-of-$$N$$ ring signatures

The idea of a ring signature (the term itself is a bit sloppy in context, but let's stick with it for now) is simple enough:

### Liars, cheats, scammers and the Schnorr signature

Posted by: Adam Gibson | in Cryptography | 5 months ago | 1 comment

How sure are you that the cryptography underlying Bitcoin is secure? With regard to one future development of Bitcoin's crypto, in discussions in public fora, I have more than once confidently asserted "well, but the Schnorr signature has a security reduction to ECDLP". Three comments on that before we begin:

### Finessing commitments

Posted by: Adam Gibson | in Bitcoin, Cryptography | 5 months, 3 weeks ago | 4 comments

## Introduction

This post was mostly prompted by a long series of discussions had online and in person with many people, including in particular Adam Back and Tim Ruffing (but lots of others!) - and certainly not restricted to discussions I took part in - about the tradeoffs in a version of Bitcoin that does actually use Confidential Transactions.

### PayJoin

Posted by: Adam Gibson | in Bitcoin | 6 months ago | 0 comments

Bitcoin 12