Nadav Kohen - Schnorr Applications Threshold Signatures (Highlights)

# Nadav Kohen - Schnorr Applications: Threshold Signatures (Highlights) ![rw-book-cover|256](https://suredbits.com/wp-content/uploads/2019/03/security_flat_logo_orange.png) ## Metadata **Review**:: [readwise.io](https://readwise.io/bookreview/38451022) **Source**:: #from/readwise #from/reader **Zettel**:: #zettel/fleeting **Status**:: #x **Authors**:: [[Nadav Kohen]] **Full Title**:: Schnorr Applications: Threshold Signatures **Category**:: #articles #readwise/articles **Category Icon**:: 📰 **URL**:: [suredbits.com](https://suredbits.com/schnorr-applications-threshold-signatures/) **Host**:: [[suredbits.com]] **Highlighted**:: [[2024-03-07]] **Created**:: [[2024-03-08]] ## Highlights ### Implementation with MuSig + Taproot - So for example if we want to have a 2-of-3 output between Alice, Bob and Carol with keys A, B and C but we want this output to look like a single public key spend, we could put in our tree all of the following conditions ([View Highlight](https://read.readwise.io/read/01hrc2bymg3y37kbzyd588jz67)) ^689279346 For 2-of-3, create an aggregated public key for each 2-in-3 combination. - The primary disadvantage of this scheme is that it is distinguishable from ordinary single public key spends as the tree must be revealed. ([View Highlight](https://read.readwise.io/read/01hrc2b6djnm5np2j5asqyjsrm)) ^689279311 - Another disadvantage of this scheme is that the number of cases that must be added to the tree grows very large in size, especially if the threshold is closer to half of the total number of participants. ([View Highlight](https://read.readwise.io/read/01hrc2bcsk4ahp9xjt5qj341ny)) ^689279315 - Another much more recently discovered method of doing threshold signatures in the Escrow use case uses [Adaptor Signatures](https://suredbits.com/schnorr-applications-scriptless-scripts/) along with the heavy machinery from [MuSig-DN](https://eprint.iacr.org/2020/1057), namely the pseudo-random function (PRF) and its corresponding Non-Interactive Zero-Knowledge (NIZK) proof system. ([View Highlight](https://read.readwise.io/read/01hrc2e3saywxghabamkf6kdzc)) ^689279415 - Verifiable Encryption function VEnc(*x*, *E*) which returns *x* encrypted with the public key *E* (so that only the owner of *E* can decrypt this) along with a Zero-Knowledge proof that this encrypted value will indeed decrypt to the private key of *x***G* when decrypted by the owner of *E*. ([View Highlight](https://read.readwise.io/read/01hrc2hseant1rpjmxfs6pd04y)) ^689279718 It is verifiable so participants can trust that they are able to decrypt them in the future.