New blog post, "The Soundness of MuSig"
(I hope my explanations are better than my puns ... doubtful though 😂 ).
There's tons missed from even this long analysis: for example, what is MuSig-DN and how does it fit in; the entirely separate schemes that came up around the same time (e.g. FROST https://eprint.iacr.org/2020/852.pdf) that use apparently very similar concepts re: achieving 2-round multisig; the AOMDL vs OMDL. But it's a lot to chew over.
I was mostly motivated by what I found most interesting about this case: that security proof issues were closely replicated by *actual* attacks.