[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Schnorr multisignatures based on ED22519



On Sun, May 5, 2019 at 4:52 AM <jamesd AT echeque.com> wrote:
>
> I have heard it said that ED25519 supports Schnorr multisignatures,
>
> The Libsodium documentation contains no mention of multi signatures,
> and, because ED25519 is nonprime group, it seems to me that implementing
> Schnorr multisignatures would require an expert in the mathematics of
> elliptic curves - I certainly have no idea how to even begin, and would
> not trust code written by someone not well known.
>
> Libsodium supports the prime group Ristretto255, though only in the
> development version, not yet the stable version, with which a person of
> ordinary skills could implement Schnorr multisignatures but it is not
> apparent that this would play nice with LibSodium's built in high level
> encryption and signing code.
>
> So, should I forget about Schnorr multisignatures, and just do what
> everyone else does:  Tuples?
>
> Or does Libsodium support multisignatures somewhere in the
> documentation, and I have been looking in the wrong place?
> _______________________________________________
> The cryptography mailing list
> cryptography AT metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

Jeff Burdges implemented Schnorr signatures over the Ristretto group
in Rust in the "schnorrkel" library. It includes multisignatures --
the documentation link here provides links to papers as well.

https://docs.rs/schnorrkel/0.1.1/schnorrkel/musig/index.html
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography