Topic: Okamoto Beats Schnorr (Read 178 times)

full member
Activity: 205
Merit: 105
June 03, 2018, 02:14:35 AM
#3
The MuSig paper has been updated to address the security flaw. See https://twitter.com/pwuille/status/998314349969031170

Ah, great. Thank you. I don't follow Twitter so I did not know about this.
staff
Activity: 3458
Merit: 6793
Just writing some code
June 03, 2018, 12:34:16 AM
#2
The MuSig paper has been updated to address the security flaw. See https://twitter.com/pwuille/status/998314349969031170
full member
Activity: 205
Merit: 105
June 02, 2018, 01:21:17 PM
#1
Once in a while I will browse through IACR papers and read through interesting ones. Today I've encountered this

https://eprint.iacr.org/2018/417.pdf Okamoto Beats Schnorr: On the Provable Security of Multi-Signatures

The authors claim they found a hole in the security proof of MuSig:
Quote
Our first result essentially shows that the CoSi and MuSig schemes cannot be proved secure. (This obviously contradicts the security proof of MuSig [21], but we point out that the proof is flawed.) More precisely, we prove that if the OMDL problem is hard, then there cannot exist an algebraic black-box reduction that proves CoSi or MuSig secure under the DL or OMDL assumption.

I'm reading through it but it goes over my head. Anyone more knowledgeable care to comment on the MuSig security proof flaw?