Implement two-round mBCJ multi-signature scheme #15
We should implement the two-round mBCJ signature scheme from pages 21 and 21 of https://eprint.iacr.org/2018/417.pdf using session types in the vein of the musig implementation in multi.rs
It requires a different verification from a Schnorr signature, and comes with proofs-of-possession and a strange hierarchical relationship among the signers, but it does a two-round trip multi-signature without pairings.
This was referenced
Feb 13, 2019
I looked into mBCJ further. As written, it requires an aggregator check the proof-of-possession, but a malicious aggregator could simply ignore this, maybe permitting rogue public key attacks. I have not checked their security proof but it likely sweeps this under the rug with the key model. At some point @hndnklnc and I should look into a delinearized variant of mBCJ.
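Added illustration, not part of the issue thread or the project's code: a toy Rust sketch of the concern raised above, showing how an aggregate key built without re-checking proofs-of-possession collapses to a key the rogue participant fully controls, while local re-verification rejects it. It assumes a generic Schnorr-style proof of possession and plain key multiplication over a constructed toy group, not mBCJ's actual construction; every name and value is hypothetical.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Constructed toy group, far too small for real use: P = 2Q + 1, G has prime order Q.
const P: u64 = 2039; const Q: u64 = 1019; const G: u64 = 4;
type Entry = (u64, (u64, u64)); // (public key, proof of possession (R, s))

// b^e mod P by squaring; callers always pass b < P.
fn pow(b: u64, e: u64) -> u64 {
    if e == 0 { return 1; }
    let half = pow(b * b % P, e / 2);
    if e & 1 == 1 { half * b % P } else { half }
}

// Challenge in 1..Q. DefaultHasher is a non-cryptographic stand-in for a real hash.
fn challenge(key: u64, r: u64) -> u64 {
    let mut h = DefaultHasher::new();
    ("pop", key, r).hash(&mut h);
    h.finish() % (Q - 1) + 1
}

// Schnorr-style proof of possession for secret x; the nonce k is fixed only for the demo.
fn pop_prove(x: u64, k: u64) -> (u64, u64) {
    let r = pow(G, k);
    (r, (k + challenge(pow(G, x), r) * x) % Q)
}
fn pop_verify(key: u64, (r, s): (u64, u64)) -> bool {
    pow(G, s) == r * pow(key, challenge(key, r)) % P
}

// Aggregation that trusts someone else (the aggregator) to have checked the proofs.
fn aggregate_unchecked(keys: &[Entry]) -> u64 {
    keys.iter().fold(1u64, |acc, (k, _)| acc * *k % P)
}
// Aggregation that re-verifies every proof locally before combining keys.
fn aggregate_checked(keys: &[Entry]) -> Option<u64> {
    keys.iter().all(|&(k, pop)| pop_verify(k, pop)).then(|| aggregate_unchecked(keys))
}

// Rogue key G^xa / honest_key: the unchecked aggregate then equals G^xa.
fn rogue_key(xa: u64, honest_key: u64) -> u64 {
    pow(G, xa) * pow(honest_key, P - 2) % P
}

fn main() {
    let honest: Entry = (pow(G, 123), pop_prove(123, 77));
    // The rogue participant does not know this key's secret, so its proof is a dummy.
    let rogue: Entry = (rogue_key(456, honest.0), (1, 0));
    println!("unchecked == G^456: {}", aggregate_unchecked(&[honest, rogue]) == pow(G, 456));
    println!("checked: {:?}", aggregate_checked(&[honest, rogue]));
}
```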