Signature half-aggregation in libsecp256k1 with the Blockstream guys, looks interesting for the cryptography nerds out there:


The paper this is based on:

Actually really interesting. Not quite like just an "AND of sigma protocols" in which you share a hash challenge across multiple assertions, but a randomized linear combination of sigma protocols (forcing unpredictable weightings for each of the signatures), and outputting (R_1..R_n, S_agg). At least that's my at-first-skim sense of it. That's pretty powerful, and I'm not surprised they have a decent security proof for it.
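The randomized linear combination described above, as an added example that is not part of the original post and is not libsecp256k1 code: Schnorr signatures on secp256k1 are folded into (R_1..R_n, S_agg) and checked with one equation. The hash encoding, the way the weights z_i are derived, and all function names are assumptions made for illustration; the curve arithmetic is plain Python and not constant time.

```python
import hashlib, secrets
# secp256k1 parameters: field prime P, group order N, generator G
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add; illustrative only, not constant time
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):  # hash to a scalar; assumed encoding, not a standardized one
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % N

def sign(x, msg):  # plain Schnorr: s = k + H(R, X, m) * x
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, G)
    return R, (k + h(R, mul(x, G), msg) * x) % N

def coeffs(triples):  # weights z_i, each bound to every (R_i, X_i, m_i)
    return [h(triples, i) for i in range(len(triples))]

def aggregate(pubs, msgs, sigs):  # -> (R_1..R_n, S_agg), S_agg = sum z_i * s_i
    z = coeffs([(R, X, m) for (R, _), X, m in zip(sigs, pubs, msgs)])
    return [R for R, _ in sigs], sum(zi * s for zi, (_, s) in zip(z, sigs)) % N

def verify_agg(pubs, msgs, Rs, s_agg):  # S_agg*G == sum z_i*(R_i + e_i*X_i)
    triples = list(zip(Rs, pubs, msgs))
    rhs = None
    for zi, (R, X, m) in zip(coeffs(triples), triples):
        rhs = add(rhs, mul(zi, add(R, mul(h(R, X, m), X))))
    return mul(s_agg, G) == rhs

if __name__ == "__main__":
    keys, msgs = [11, 22, 33], [b"a", b"b", b"c"]  # constructed toy keys and messages
    pubs = [mul(x, G) for x in keys]
    print(verify_agg(pubs, msgs, *aggregate(pubs, msgs, [sign(x, m) for x, m in zip(keys, msgs)])))
```

The aggregate carries n nonce points plus one scalar instead of n (R, s) pairs, which is where the "half" comes from.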
