diff --git a/ch12.asciidoc b/ch12.asciidoc index 25a9fb74..59fb25e5 100644 --- a/ch12.asciidoc +++ b/ch12.asciidoc @@ -95,7 +95,7 @@ full. They cannot be divided or partially spent. Quorum of Control:: Multisignature constraints in scripts impose a quorum of authorization, predefined in the multisignature scheme. The -M-of-N requirement is enforced by the consensus rules. +requirement is enforced by the consensus rules. Timelock/Aging:: Any script clause containing a relative or absolute timelock can only be executed after its age exceeds the time specified. diff --git a/chapters/authorization-authentication.adoc b/chapters/authorization-authentication.adoc index 5a30be1f..97c1d947 100644 --- a/chapters/authorization-authentication.adoc +++ b/chapters/authorization-authentication.adoc @@ -323,10 +323,10 @@ image::../images/mbc2_0606.png["Tx_Script_P2PubKeyHash_2"] ((("transactions", "advanced", "multisignature scripts")))((("transactions", "advanced", id="Tadv07")))((("scripting", "multisignature scripts", id="Smulti07")))((("multisignature -scripts")))Multisignature scripts set a condition where N public keys -are recorded in the script and at least K of those must provide -signatures to spend the funds. This is also known as a K-of-N scheme, -where N is the total number of keys and K is the threshold of signatures +scripts")))Multisignature scripts set a condition where _k_ public keys +are recorded in the script and at least _t_ of those must provide +signatures to spend the funds. This is also known as a "M-of-N" scheme, +where M is the total number of keys and N is the threshold of signatures required for validation. For example, a 2-of-3 multisignature is one where three public keys are listed as potential signers and at least two of those must be used to create signatures for a valid transaction to 
@@ -335,9 +335,9 @@ spend the funds. [TIP] ==== Some Bitcoin documentation, including earlier editions of this book, -uses the term M-of-N for traditional multisignature. However, it's hard -to tell "M" and "N" apart when they're spoken, so we use the alternative -K-of-N. Both phrases refer to the same type of signature scheme. +uses the term "m-of-n" for traditional multisignature. However, it's hard +to tell "m" and "n" apart when they're spoken, so we use the alternative +t-of-k. Both phrases refer to the same type of signature scheme. ==== At this time, Bitcoin Core's transaction relay policy limits multisignature output scripts to at most 3 @@ -353,14 +353,14 @@ P2SH in <>. All other scripts are consensus limited to 20 keys per +OP_CHECKMULTSIG+ or +OP_CHECKMULTISIGVERIFY+ opcode, although one script may include multiple of those opcodes. -The general form of a output script setting an K-of-N multisignature +The general form of a output script setting a t-of-k multisignature condition is: ---- -K ... N OP_CHECKMULTISIG +t ... k OP_CHECKMULTISIG ---- -where N is the total number of listed public keys and K is the threshold +where _k_ is the total number of listed public keys and _t_ is the threshold of required signatures to spend the output. An output script setting a 2-of-3 multisignature condition looks like @@ -448,7 +448,7 @@ OP_0 Some people believe this oddity was a bug in the original code for Bitcoin, but a plausible alternative explanation exists. Verifying -K-of-N signatures can require many more than K or N signature checking +t-of-k signatures can require many more than t or k signature checking operations. Let's consider a simple example of 1-in-3, with the following combined script: diff --git a/chapters/signatures.adoc b/chapters/signatures.adoc index 5532bbd3..bd3109da 100644 --- a/chapters/signatures.adoc +++ b/chapters/signatures.adoc 
@@ -659,11 +659,11 @@ available at the time of writing. [[schnorr_threshold_signatures]] ==== Schnorr-based scriptless threshold signatures -Scriptless multisignature protocols only work for n-of-n signing. +Scriptless multisignature protocols only work for k-of-k signing. Everyone with a partial public key that becomes part of the aggregated public key must contribute a partial signature and partial nonce to the final signature. Sometimes, though, the participants want to allow a -subset of them to sign, such as k-of-n where k participants can sign for +subset of them to sign, such as t-of-k where a threshold (t) number of participants can sign for a key constructed by n participants. That type of signature is called a _threshold signature_. @@ -695,7 +695,7 @@ than a non-participant who didn't have a share. A secure secret sharing scheme prevents participants from learning anything about the secret unless they combine the minimum threshold -number of shares. For example, Alice can choose a threshold (_k_) of +number of shares. For example, Alice can choose a threshold of +2+ if she wants any two of Bob, Carol, and Dan to be able to reconstruct her secret. The best known secure secret sharing algorithm is _Shamir's Secret Sharing Scheme_, commonly abbreviated SSSS and named @@ -715,7 +715,7 @@ To see how multisignatures and verifiable secret sharing works for Alice, Bob, and Carol, imagine they each wish to receive funds that can be spent by any two of them. They collaborate as described in <> to produce a regular multisignature public -key to accept the funds (n-of-n). Then each participant derives two +key to accept the funds (k-of-k). Then each participant derives two secret shares from their private key--one for each of two the other participants. The shares allow any two of them to reconstruct the originating partial private key for the multisignature. Each participant diff --git a/tools/discouraged.sh b/tools/discouraged.sh index 82c150c6..3d5134e4 100755 
--- a/tools/discouraged.sh +++ b/tools/discouraged.sh @@ -5,7 +5,7 @@ for f in $( git ls-files | grep -v "$0" ) ; do # 1. Find discouraged words # 2. Ignore things that look like json or code (Bitcoin Core RPCs use many discouraged words) egrep -if <( sed "1,/[S]TART DISCOURAGED WORDS/d" "$0" ) "$f" \ - | grep -v "[\"'][a-zA-Z]\+[\"']" \ + | grep -v "[\"'][a-zA-Z-]\+[\"']" \ | if grep . ; then echo "DISCOURAGED WORDS FOUND IN $f" fi @@ -37,3 +37,7 @@ BIP [0-9] witness field witness element feerate +m-of-m +m-of-n +n-of-n +k-of-n
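Review bot: In chapters/authorization-authentication.adoc (hunk @@ -323), the added line `where M is the total number of keys and N is the threshold of signatures` assigns the letters the wrong way round for the example that follows it. A 2-of-3 multisignature lists three keys and needs two signatures, so the first letter is the threshold and the second is the total. The paragraph also introduces _k_ and _t_ in its first sentence and then explains the scheme with M and N, which leaves two notations within three lines. Suggest "This is also known as a t-of-k scheme, where _k_ is the total number of keys and _t_ is the threshold of signatures", leaving the m-of-n mention to the TIP in the next hunk. If the quoted term stays, it should read 'an "m-of-n" scheme' to match the lowercase form used in that TIP.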
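Review bot: In chapters/authorization-authentication.adoc (hunk @@ -353), the rewritten line still reads "The general form of a output script"; since the line is being touched anyway, change it to "an output script". The unchanged context line above it spells the opcode as `+OP_CHECKMULTSIG+` (missing the second I), while the listing in the same hunk uses OP_CHECKMULTISIG. Fixing it in this pass keeps the opcode name consistent and searchable.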
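Review bot: In chapters/signatures.adoc (hunk @@ -659), the new line ends with "can sign for" and continues on the unchanged line "a key constructed by n participants", so the sentence now names the scheme t-of-k but still counts the participants with n. Change that context line to "a key constructed by _k_ participants" as part of this hunk, and write the threshold as (_t_) so it matches the italic _t_ and _k_ used in authorization-authentication.adoc.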
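Review bot: In tools/discouraged.sh (hunk @@ -5), adding `-` to the class in `grep -v "[\"'][a-zA-Z-]\+[\"']"` widens a filter that drops whole lines, not just the quoted token. Any line containing a quoted hyphenated word is now skipped, so an unquoted discouraged term elsewhere on that line goes unreported. The comment above the pipeline still only mentions "json or code". Suggest extending the comment to say that quoted hyphenated terms such as "m-of-n" are deliberately allowed, and consider removing the quoted token from the line before matching instead of discarding the line.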