Elliott Jin
aa1acb4bd1
musig-spec: improve security argument for handling infinity
...
Co-authored-by: Tim Ruffing <crypto@timruffing.de>
2022-01-27 05:23:15 -08:00
Jonas Nick
69b392f3cb
musig: move explanation for aggnonce=inf to spec
2022-01-24 15:50:42 +00:00
Jonas Nick
4824220bb7
musig-spec: describe NonceGen, NonceAgg, Sign,PartialSig{Verify,Agg}
2022-01-24 15:50:42 +00:00
Jonas Nick
3c122d0780
musig-spec: improve definition of lift_x
2022-01-24 15:50:42 +00:00
Jonas Nick
e0bb2d7009
musig-spec: improve KeyAgg description
...
It's easier to identify a signer with a public key instead of an index in
KeyAggCoef because it doesn't force the signer to know its index.
2022-01-24 15:50:39 +00:00
Jonas Nick
b8f4e75d89
musig-spec: move to doc directory
2022-01-24 15:45:51 +00:00
Jonas Nick
3ed0d02bf7
doc: add CHANGELOG template
2021-12-23 14:47:15 +00:00
Jonas Nick
6f42dc16c8
doc: add release_process.md
2021-12-23 14:47:15 +00:00
Elliott Jin
dc9b6853b7
doc: Minor fixes in safegcd_implementation.md
2021-11-15 21:16:00 -06:00
Pieter Wuille
277b224b6a
Use modified divsteps with initial delta=1/2 for constant-time
...
Instead of using eta=-delta, use zeta=-(delta+1/2) to represent
delta. This variant only needs at most 590 iterations for 256-bit
inputs rather than 724 (by convex hull bounds analysis).
2021-04-13 11:59:11 -07:00
Pieter Wuille
376ca366db
Fix typo in explanation
2021-04-13 11:58:54 -07:00
Pieter Wuille
d8a92fcc4c
Add extensive comments on the safegcd algorithm and implementation
...
This adds a long comment explaining the algorithm and implementation choices by building
it up step by step in Python.
Comments in the code are also reworked/added, with references to the long explanation.
2021-03-08 09:56:07 -08:00
