Follow

Signature half-aggregation in libsecp256k1 with the blockstream guys, looks interesting for the cryptography nerds out there:

youtube.com/watch?v=Dns_9jaNPN

· · Web · 1 · 0 · 1

The paper this is based on: eprint.iacr.org/2021/350.pdf

Actually really interesting. Not quite like just a "AND of sigma protocols" in which you share a hash challenge across multiple assertions, but a randomized linear combination of sigma protocols (forcing unpredictable weightings for each of the signatures), and outputting (R_1..R_n, S_agg). At least that's my at-first-skim sense of it. That's pretty powerful, and I'm not surprised they have a decent security proof for it.

Sign in to participate in the conversation
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!