|
|
|
@ -1819,6 +1819,8 @@ multisignatures looks like every other scriptless
|
|
|
|
|
multisignature and every single-signature, no privacy-reducing data is
|
|
|
|
|
leaked.
|
|
|
|
|
|
|
|
|
|
++++
|
|
|
|
|
<p class="fix_tracking">
|
|
|
|
|
There are two downsides of scriptless multisignatures. The first is
|
|
|
|
|
that all known secure algorithms for creating them for Bitcoin require more
|
|
|
|
|
rounds of interaction or more careful management of state than
|
|
|
|
@ -1828,6 +1830,8 @@ devices and the keys are physically distributed. For example, if you
|
|
|
|
|
keep a hardware signing device in a bank safe deposit box, you would
|
|
|
|
|
need to visit that box once to create a scripted multisignature but
|
|
|
|
|
possibly two or three times for a scriptless multisignature.
|
|
|
|
|
</p>
|
|
|
|
|
++++
|
|
|
|
|
|
|
|
|
|
The other downside is that threshold signing doesn't reveal who signed.
|
|
|
|
|
In scripted threshold signing, Alice, Bob, and Carol agree (for example)
|
|
|
|
|