Gregor Pogačnik
2021-09-15 14:33:16 +02:00
parent eacfad882f
commit d57e6d9155
3 changed files with 14 additions and 10 deletions

BIN
Claus-Peter_Schnorr.jpg Normal file

Binary file not shown.

6
dlc.md
View File

@@ -4,7 +4,7 @@ is a wordplay on the "discrete logarithm problem" and the fact that contracts ar
### Refresher ### Refresher
s = k - h * d s = k - hash(message || R || P) * d
R = k*G R = k*G
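Review bot: The new line `s = k - hash(message || R || P) * d` uses R before the following line defines it as `R = k*G`, and P is not defined anywhere in this refresher. Putting `R = k*G` first and adding `P = d*G` (the relation the Schnorr page relies on when it rewrites `d*G * h` as `P * h`) would let the refresher be read top to bottom without jumping to the other page.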
@@ -15,7 +15,9 @@ Alice and Bob want to bet against each other, Olivia is the oracle
Olivia just publishes one R for that particular bet (she commits to a R value). All possible outcomes need to be known in advance! Olivia just publishes one R for that particular bet (she commits to a R value). All possible outcomes need to be known in advance!
Now anyone can calculate Now anyone can calculate
si * G. Let's say the bet is "heads" vs. "tails". si * G.
Let's say the bet is "heads" vs. "tails".
so so
- sHEADS * G = R - hash("heads" || R)*O - sHEADS * G = R - hash("heads" || R)*O
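Review bot: The context line `- sHEADS * G = R - hash("heads" || R)*O` hashes only the outcome and R, while the refresher changed earlier in this commit now hashes `message || R || P`, so the page ends up with two different challenge definitions. Either write `hash("heads" || R || O)` here or add a sentence saying the oracle variant leaves the public key out on purpose. The split line `si * G.` also leaves `si` undefined; one sentence saying it is the s value Olivia would publish for outcome i would close that gap.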

View File

@@ -1,10 +1,12 @@
## Schnorr Signature Scheme ## Schnorr Signature Scheme
It was invented by german mathematician Claus-Peter Schnorr. Unfortunately he patented the scheme in 1988 (it expired in February 2008). So during the creation of Bitcoin it was "free", unfortunately the space lacked good libraries. Therefore ECDSA scheme was used. It was invented by german mathematician Claus-Peter Schnorr ![Claus-Peter Schnorr](./Claus-Peter_Schnorr.jpg).
Unfortunately he patented the scheme in 1988 (patent expired in February 2008). So during the creation of Bitcoin it was "free", unfortunately the space lacked good libraries. Therefore ECDSA scheme was used (which is more complicated on purpose to not violate the patent).
### Signature ### Signature
Signature is the pair (R, s) that must be in a certain relation. Signature is the pair (R, s) that must be in a certain relation (very similar to ECDSA just that s is calculated differently)
We choose a random integer k and calculate We choose a random integer k and calculate
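Review bot: The added parenthesis "(which is more complicated on purpose to not violate the patent)" states a motive as fact with no source; link a reference or soften the wording. In the same hunk the image `![Claus-Peter Schnorr](./Claus-Peter_Schnorr.jpg)` sits inside the sentence before its full stop, so it will render mid-line; move it to its own line. "german" should be capitalised, and the new Signature sentence is missing its final period.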
@@ -33,6 +35,7 @@ s * G = k * G - (h * d)*G
s * G = k * G - d*G * h s * G = k * G - d*G * h
s * G = R - P * h s * G = R - P * h
h = hash(message || R || P) h = hash(message || R || P)
which we can verify since we have all that public data: which we can verify since we have all that public data:
@@ -60,16 +63,15 @@ If it isn't you can factor out d - which is your private key!
### MuSig (n/n) ### MuSig (n/n)
Unlike ECDSA Schnorr signatures are linear and can be combined. Unlike ECDSA Schnorr signatures are linear and can be combined. It is possible to "compress" multiple public keys into one and then also signers can cooperate and produce "master" private key corresponding to the master public key for spending the funds.
It is possible to "compress" multiple public keys into one and then
also signers can cooperate and produce master private key for spending the funds.
### Ring signatures ### Ring signatures
[Abe, Okhubo, Suzuki](https://cryptoservices.github.io/cryptography/2017/07/21/Sigs.html) usage of Schnorr signatures [Abe, Okhubo, Suzuki](https://cryptoservices.github.io/cryptography/2017/07/21/Sigs.html) usage of Schnorr signatures.
Idea is that you have participants P1, P2 ... Pn Idea is that you have participants with public keys P1, P2 ... Pn.
Anyone can sign but you can't know which of them was it.
Anyone can sign but you can't know which of them did it. Something similar is used in Monero.
[Previous - ECC](./ecc101.md) [Previous - ECC](./ecc101.md)
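Review bot: The new MuSig sentence says signers "cooperate and produce "master" private key", which reads as if the aggregate private key is assembled somewhere. In MuSig each signer keeps their own key and contributes a partial signature; only the combined signature and the aggregated public key ever exist. Suggest rewording to "signers cooperate to produce one signature that verifies under the aggregated public key". The new "Something similar is used in Monero" remark would also be more useful with a link or a word on what exactly is similar.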