Board Development & Technical Discussion
Re: Shared K in multisig?
by athanred on 01/03/2020, 10:09:38 UTC
Quote
everyone has to divide received value by its chosen part of K
This is insecure, because when you know some number and you know number/K, then you can calculate someone else's K.

But even if all parties could agree on some K and create such signatures, it is still not enough, because you can still calculate someone else's private key.

sA=(z+r*privKeyA)/(kValueA*kValueB)
sB=(z+r*privKeyB)/(kValueA*kValueB)
sA/sB=(z+r*privKeyA)/(z+r*privKeyB)
privKeyA=(sA/sB-z)/r
privKeyB=(sB/sA-z)/r

Everyone knows sA, sB, z and r, so everyone can calculate anyone's private key if you use the same K in both signatures.
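Added example, not part of the original post: a Python sketch of why a nonce shared between co-signers is unsafe. Once a party knows k, the ECDSA signing equation s = (z + r*d)/k mod n has the private key d as its only unknown, and a repeated r across signatures is the sign to check for. The keys, nonce and message hash are constructed sample values, and the function names are this example's own.

```python
# secp256k1 parameters; every key, nonce and hash below is a constructed sample.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Add two curve points; None stands for the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    acc = None
    while k:
        if k & 1: acc = add(acc, p)
        p = add(p, p)
        k >>= 1
    return acc

def sign(z, d, k):
    """Textbook ECDSA: r = x(k*G) mod N, s = (z + r*d)/k mod N."""
    r = mul(k, G)[0] % N
    return r, (z + r * d) * pow(k, -1, N) % N

def key_from_known_nonce(z, r, s, k):
    """Rearrange s = (z + r*d)/k to d = (s*k - z)/r mod N."""
    return (s * k - z) * pow(r, -1, N) % N

def shares_nonce(sig_a, sig_b):
    """Equal r values mean both signatures used the same k (or its negation)."""
    return sig_a[0] == sig_b[0]

def demo():
    z, k = 0x1234ABCD, 0xC0FFEE            # message hash and the shared nonce
    d_a, d_b = 0xA11CE, 0xB0B              # the two signers' private keys
    sig_a, sig_b = sign(z, d_a, k), sign(z, d_b, k)
    return (shares_nonce(sig_a, sig_b),
            key_from_known_nonce(z, sig_a[0], sig_a[1], k) == d_a,
            key_from_known_nonce(z, sig_b[0], sig_b[1], k) == d_b)

if __name__ == "__main__":
    print(demo())
```

Each signer needs its own secret, per-signature nonce; deterministic derivation as in RFC 6979 is the usual way to get one for single-signer ECDSA.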