0 sats \ 5 replies \ @patrick1 27 Mar 2023 \ on: BIP-327 was merged! bitcoin
Cool. What does this mean for users?
One of the biggest motivations for Taproot was that Schnorr signatures/public keys can be combined into a single signature, and be indistinguishable from a singlesig.
MuSig2 is one signature aggregation scheme for Schnorr signatures, and this is the one whose implementation BIP 327 talks about.
It's a big win for both fee reduction and privacy. If wallets implement this scheme, then a 2-of-2 or a 100-of-100 (or any n-of-n as far as I can tell) will be as cheap as, and indistinguishable from, a regular singlesig Taproot spend, which also means greater anonymity for all Taproot wallets (is it a singlesig address, is it a multisig address, is it a multisig with alternate spending conditions like Lightning, who knows!).
MuSig2 support is also planned for Lightning (along with Taproot), so in the case of a cooperative close, your LN channel close will look just like a Taproot spend (with lowered fees as well).
Also, MuSig2 will make LN channel gossip messages smaller. From what I remember, when information about channels is being passed around the network, it includes proof that the on-chain UTXO belongs to this node by providing signatures for 4 keys (2 Node ID keys, and 2 UTXO spending keys). With MuSig2, you could have a single signature for all 4 keys, leading to lower bandwidth usage.
reply
Great! I thought Taproot itself allowed that. Anyway, the bottleneck here is not the BIPs but the development of software that can make use of those upgrades.
reply
Taproot enabled Schnorr signatures which can be aggregated this way.
However, you have to aggregate the keys with great care. Simply adding the keys together opens you up to rogue key attacks from what I recall. Thus there have been several proposals for aggregation including MuSig, MuSig2, MuSig-DN, etc. It seems this BIP is standardizing MuSig2 for wallets/other applications.
reply
Oh, I did not know that. I remember listening to Tadge Dryja talking about that in 2019 on YouTube but I guess he skipped that part for the sake of simplicity. Do you know a good resource for learning about signature aggregation and proposals?
reply
For key aggregation (multi-signature applications): https://medium.com/blockstream/musig2-simple-two-round-schnorr-multisignatures-bf9582e99295
For signature aggregation (combining signatures, a potential fork of Bitcoin that could allow you to provide only 1 signature for multiple inputs, reducing fees): https://github.com/BlockstreamResearch/cross-input-aggregation
reply