Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add MuSig2 module #1452

Open
jonasnick opened this issue Dec 5, 2023 · 6 comments · May be fixed by #1479
Open

Add MuSig2 module #1452

jonasnick opened this issue Dec 5, 2023 · 6 comments · May be fixed by #1479
Labels
feature
Milestone
0.5.0

Comments

@jonasnick
Copy link
Contributor

I think a module for MuSig2 would be in the scope of libsecp256k1. Its relevance for the Bitcoin ecosystem is demonstrated by several factors:

  • MuSig2 is already being adopted for Bitcoin payments.
  • I have been inquired by various Lightning and (hardware) wallet developers about if and when MuSig2 will be in libsecp.
  • Various developers of LN and (hardware) wallets have inquired about the integration of MuSig2 into libsecp and its timeline.
  • There are specifications that depend on MuSig2, such as the "simple taproot channels" BOLT and MuSig2 PSBT and descriptor BIPs.

MuSig2 has a detailed specification (with reference code and test vectors) and security proofs.

I suggest to copy the MuSig2 module from libsecp256k1-zkp which has already undergone significant review. I volunteer to do this. We should, however, remove the functions for MuSig2 adaptor signatures as they lack both a specification and a satisfactory security proof.
@jonasnick jonasnick added this to the 0.5.0 milestone Dec 5, 2023
@real-or-random
Copy link
Contributor

Concept ACK

We should, however, remove the functions for MuSig2 adaptor signatures as they lack both a specification and a satisfactory security proof.

Makes sense.

@real-or-random real-or-random mentioned this issue Dec 5, 2023
Open
7 tasks
@LLFourn
Copy link

LLFourn commented Dec 5, 2023

We should, however, remove the functions for MuSig2 adaptor signatures as they lack both a specification and a satisfactory security proof.

I read this and assumed it just means not peer reviewed to the same standard as the MuSig2 protocol itself not that you had found a problem with your security proof you proposed for MuSig + adaptor before. Is this right?

@sipa
Copy link
Contributor

sipa commented Dec 6, 2023

Concept ACK

@t-bast
Copy link

t-bast commented Dec 6, 2023

Concept ACK, we'd be happy to start integrating this into lightning once that PR is opened!

@sstone sstone mentioned this issue Dec 6, 2023
Merged
@jonasnick
Copy link
Contributor Author

@LLFourn Yes that's right. I'm not aware of any problems with the adaptor signature scheme as implemented in the secp256k1-zkp MuSig2 module. The only analysis of its security I'm aware of is this proof sketch: https://github.com/BlockstreamResearch/scriptless-scripts/blob/a8b6ff21fc7f4529eabbe639fbff49f047a3579d/md/musig2-adaptorsig.md.

@jonasnick
Copy link
Contributor Author

I should note that the MuSig2 implementation in libsecp256k1-zkp uses a secp256k1_scratch_space in the API which affects attempts to get rid of the scratch space.

@jonasnick jonasnick linked a pull request Jan 6, 2024 that will close this issue
Open
@real-or-random real-or-random mentioned this issue Jan 16, 2024
Merged
real-or-random added a commit that referenced this issue Jan 17, 2024
@real-or-random
Merge #1482: build: Clean up handling of module dependencies
3bf4d68 
e682267 build: Error if required module explicitly off (Tim Ruffing)
89ec583 build: Clean up handling of module dependencies (Tim Ruffing)

Pull request description:

  This is a cleanup which makes it easier to add further modules with dependencies, e.g., in #1452. The diff looks larger than it is because I also reordered the modules and made the order consistent between CMake and autotools.

  (We noticed that the current logic could be improved in BlockstreamResearch/secp256k1-zkp#275.)

ACKs for top commit:
  jonasnick:
    ACK e682267
  hebasto:
    ACK e682267.

Tree-SHA512: 040e791e5b5b9b8845a39632633a45ca759391455910bdefba2b7b77c6340e65df6eda18199ae2ad65c30ee2fc6630471437aec143c26fe09ae4c11409a37622
@bigspider bigspider mentioned this issue Feb 13, 2024
Open
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
0.5.0
Development

Successfully merging a pull request may close this issue.

Add module "musig" that implements MuSig2 multi-signatures (BIP 327) jonasnick/secp256k1
5 participants
@sipa @real-or-random @jonasnick @LLFourn @t-bast