Multi party Schnorr Rust implementation
Omer Shlomovits wrote:
Hello all, I am working for the past few months with collaborators (in cc) on providing Rust reference implementations to existing multi party schemes for Schnorr signatures . This includes aggregated signatures, accountable signatures (which for n out of n are multi-signatures) and threshold signatures (wip).
The project can be found here:
https://github.com/KZen-networks/multi-party-schnorr . We aim that if the protocol is run in a configuration of a single party it
will be bip-schnorr  compliant. Hope you’ll find it useful :)
Questions, suggestions and pull requests are welcome!
According to Devrandom, interactive signatures are not ideal for air-gapped use cases so candidates for non-interactive signatures will be more suitable for Omer’s proposal.
However, Anthony Towns suggested a way around the issue by ‘batching’ signing requests, which for interactive multisignatures, the protocol is to
produce secret nonce r, calculate public nonce
everyone shares H(R)
everyone shares R, checks received values match received hashes
s = r+H(R',P',m) * p, shares s
The process is slightly different for Deterministic nonces. r is generated based on messages being signed and private keys. Also, one does not require deterministic keys in this case but the same nonce should not be used with a different message. This method will produce a similar result to interactivity.
Support us and the authors of this article by donating to the following address:3AjekYMC1xM36DUzGjqCPqx8KYg56iMUYp