Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly Describe Adaptor Point Computation #156

Open
nkohen opened this issue Mar 11, 2021 · 2 comments · May be fixed by #158
Open

Explicitly Describe Adaptor Point Computation #156

nkohen opened this issue Mar 11, 2021 · 2 comments · May be fixed by #158
Assignees
@nkohen
Labels
adaptor-sigs documentation Improvements or additions to documentation enhancement New feature or request good first issue Good for newcomers
Milestone
v0.1

Comments

@nkohen
Copy link
Contributor

nkohen commented Mar 11, 2021

It appears that the current specification, we do have a description of adaptor point computation

Given public key `P` and nonces `R1, ..., Rn` we can compute `n` individual signature points for
a given event `(d1, ..., dn)` in the usual way: `si * G = Ri + H(P, Ri, di)*P`.

(and its updated non-BIP340 version on the PR that updates things)

But, this is in the CETCompression specification in a section describing how we handle the "special case" where there is more than one nonce.

Nowhere is the "usual way: s*G = R + H(P, R, m)*P" included elsewhere in the specification such as in either the contract_info or oracle_announcement definitions or else maybe in the Protocol.md specification, and this should probably be included in one of those places.
@nkohen nkohen added documentation Improvements or additions to documentation enhancement New feature or request good first issue Good for newcomers adaptor-sigs labels Mar 11, 2021
@nkohen nkohen added this to the v0.1 milestone Mar 11, 2021
@nkohen nkohen mentioned this issue Mar 11, 2021
Open
@nkohen nkohen self-assigned this Mar 11, 2021
@nkohen
Copy link
Contributor Author

nkohen commented Mar 11, 2021

On further thought, computing adaptor points deserves its own short document which will take out the relevant section from CETCompression.md and put that after an earlier section for enum outcomes and follow it with a small section on multi-oracle aggregation (likely taken out of that doc).

I'll be opening a PR for this soon

@nkohen
Copy link
Contributor Author

nkohen commented Mar 11, 2021

This document should also explicitly specify an order for the computed adaptor points which is then used as the order for cet_adaptor_signatures in the accept and sign messages.

@nkohen nkohen linked a pull request Mar 12, 2021 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nkohen nkohen

Labels
adaptor-sigs documentation Improvements or additions to documentation enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
v0.1
Development

Successfully merging a pull request may close this issue.

Adaptor point doc nkohen/dlcspecs-1
1 participant
@nkohen