The Appeal Of Bitcoin

QuestionsThe Appeal Of Bitcoin
Salvatore Cowan (Malta) asked 2 månader ago

Bitcoin is 100% percent digital, meaning there is no physical cash variant for you to put in your pocket and bring to the supermarket with you. But there is no proof that there is no other malleability in ECDSA. First can we take Schnorr as a drop-in replacement for ECDSA as it exists in Bitcoin? P2P markets: P2P marketplaces offer platforms where Bitcoin buyers and sellers can meet and trade. At any time, you can trade your 10 BTCB for 10 BTC, meaning that the price of BTCB should closely track that of native BTC. Key recovery is the trick where if I give you a signature and a message you can derive what the public key was that would’ve signed this. Or in other words the message you are signing is not just the message but is a concatenation of the public key and the message. What this means is that if there is a fixed chosen public key in advance it is impossible to create a signature for that key without having the key for any message even messages that an attacker can choose. As I told you, you can create a signature with a group of people together that is valid for the sum of your public keys.
1. He told only half the truth: He stated facts about merchants not being able to accept it because it was too volatile. Aside from being easy to use, fast, and flexible, one of the advantages of Abra is that the company uses peer-to-peer technology, so your money goes directly from you to your recipient with no middleman, allowing for your transactions to be very quick and inexpensive. Lift Apps are amazing, but they may be inconsistent, and the price swings so much that it’s difficult to keep track – and they can even be dangerous – so provide an option to your community and you’ll make money every time you flip the key. The idea is that in Schnorr you can take a bunch of keys together and have a single signature that proves all of them signed. It turns out if you take Schnorr signatures naively and apply it to an elliptic curve group it has a really annoying interaction with BIP 32 when used with public derivation.
This is exactly what we want for Bitcoin blocks because they are big batches of signatures to validate. If you are Spinoza or Socrates, then ok. However, BSC will then cement itself as a serious alternative. For Schnorr we know that if the random oracle model is an assumption we can make and the discrete logarithm problem is hard then we can 100 percent prove it is secure. And can we apply it to multisig signatures? So you two want to create a multisig address together. This is nice for k-of-k multisig because now I can say “You, you and you all need to sign. A group of people can jointly create a signature that is valid for the sum of their keys. We don’t have fixed keys in advance. You don’t say “My key is Q2” you say “My key is Q2 – Q1”. You say “my explanation key is Q1″ but your actual key is Q2.
However, it can be compromised if the hardware, software or cryptographic key to the corresponding wallet is lost. You can choose your keys in such a way that other people’s keys get cancelled out. The result is now that instead of adding the keys together it’s the sum of the keys multiplied by their own hashes. This is a very unexpected result that is not necessarily a problem under standard assumptions. The security proof of Schnorr signatures says that they are existentially unforgeable under the assumptions I mentioned before. What I am going to try to convince you is that we need a standard for Schnorr signatures not an existing one. ECDSA is documented and it exactly specifies all the math that has to happen, exactly how signatures are serialized, how the public keys are serialized, exactly what each bit means. ECDSA does not have any proof. This nice proof of existential unforgeability but we need to test whether that is the only thing we want.