[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cryptography] Schnorr multisignatures based on ED22519
On Sun, May 5, 2019 at 4:52 AM <jamesd AT echeque.com> wrote:
> I have heard it said that ED25519 supports Schnorr multisignatures,
> The Libsodium documentation contains no mention of multi signatures,
> and, because ED25519 is nonprime group, it seems to me that implementing
> Schnorr multisignatures would require an expert in the mathematics of
> elliptic curves - I certainly have no idea how to even begin, and would
> not trust code written by someone not well known.
> Libsodium supports the prime group Ristretto255, though only in the
> development version, not yet the stable version, with which a person of
> ordinary skills could implement Schnorr multisignatures but it is not
> apparent that this would play nice with LibSodium's built in high level
> encryption and signing code.
> So, should I forget about Schnorr multisignatures, and just do what
> everyone else does: Tuples?
> Or does Libsodium support multisignatures somewhere in the
> documentation, and I have been looking in the wrong place?
> The cryptography mailing list
> cryptography AT metzdowd.com
Jeff Burdges implemented Schnorr signatures over the Ristretto group
in Rust in the "schnorrkel" library. It includes multisignatures --
the documentation link here provides links to papers as well.
The cryptography mailing list
cryptography AT metzdowd.com