mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2024-12-23 07:08:13 +00:00
Multi: switch from k-of-n/n-of-n to t-of-k/k-of-k
Suggested by Murchandamus
parent
644867fd92
commit
baae9293cf
@ -95,7 +95,7 @@ full. They cannot be divided or partially spent.
|
|||||||
|
|
||||||
Quorum of Control:: Multisignature constraints in scripts impose a
|
Quorum of Control:: Multisignature constraints in scripts impose a
|
||||||
quorum of authorization, predefined in the multisignature scheme. The
|
quorum of authorization, predefined in the multisignature scheme. The
|
||||||
M-of-N requirement is enforced by the consensus rules.
|
requirement is enforced by the consensus rules.
|
||||||
|
|
||||||
Timelock/Aging:: Any script clause containing a relative or absolute
|
Timelock/Aging:: Any script clause containing a relative or absolute
|
||||||
timelock can only be executed after its age exceeds the time specified.
|
timelock can only be executed after its age exceeds the time specified.
|
||||||
|
@ -323,10 +323,10 @@ image::../images/mbc2_0606.png["Tx_Script_P2PubKeyHash_2"]
|
|||||||
((("transactions", "advanced", "multisignature
|
((("transactions", "advanced", "multisignature
|
||||||
scripts")))((("transactions", "advanced", id="Tadv07")))((("scripting",
|
scripts")))((("transactions", "advanced", id="Tadv07")))((("scripting",
|
||||||
"multisignature scripts", id="Smulti07")))((("multisignature
|
"multisignature scripts", id="Smulti07")))((("multisignature
|
||||||
scripts")))Multisignature scripts set a condition where N public keys
|
scripts")))Multisignature scripts set a condition where _k_ public keys
|
||||||
are recorded in the script and at least K of those must provide
|
are recorded in the script and at least _t_ of those must provide
|
||||||
signatures to spend the funds. This is also known as a K-of-N scheme,
|
signatures to spend the funds. This is also known as a "M-of-N" scheme,
|
||||||
where N is the total number of keys and K is the threshold of signatures
|
where M is the total number of keys and N is the threshold of signatures
|
||||||
required for validation. For example, a 2-of-3 multisignature is one
|
required for validation. For example, a 2-of-3 multisignature is one
|
||||||
where three public keys are listed as potential signers and at least two
|
where three public keys are listed as potential signers and at least two
|
||||||
of those must be used to create signatures for a valid transaction to
|
of those must be used to create signatures for a valid transaction to
|
||||||
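Review bot: The letters are assigned the wrong way round in the new sentence 'This is also known as a "M-of-N" scheme, where M is the total number of keys and N is the threshold of signatures'. The example in the same paragraph is 2-of-3 with three keys listed and at least two signatures required, so the first letter is the threshold and the second is the total, which is also how the replaced K-of-N wording defined them. Suggest 'where N is the total number of keys and M is the threshold of signatures required', and 'an "M-of-N" scheme' for the article.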
@ -335,9 +335,9 @@ spend the funds.
|
|||||||
[TIP]
|
[TIP]
|
||||||
====
|
====
|
||||||
Some Bitcoin documentation, including earlier editions of this book,
|
Some Bitcoin documentation, including earlier editions of this book,
|
||||||
uses the term M-of-N for traditional multisignature. However, it's hard
|
uses the term "m-of-n" for traditional multisignature. However, it's hard
|
||||||
to tell "M" and "N" apart when they're spoken, so we use the alternative
|
to tell "m" and "n" apart when they're spoken, so we use the alternative
|
||||||
K-of-N. Both phrases refer to the same type of signature scheme.
|
t-of-k. Both phrases refer to the same type of signature scheme.
|
||||||
====
|
====
|
||||||
|
|
||||||
At this time, Bitcoin Core's transaction relay policy limits multisignature output scripts to at most 3
|
At this time, Bitcoin Core's transaction relay policy limits multisignature output scripts to at most 3
|
||||||
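Review bot: Capitalization of the legacy term is inconsistent between hunks: this TIP now writes "m-of-n", "m" and "n" in lowercase, while the paragraph changed in the -323 hunk introduces the same term as "M-of-N" with uppercase M and N. Pick one form and use it in both places so the TIP clearly refers back to the term the reader has just seen.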
@ -353,14 +353,14 @@ P2SH in <<p2sh>>. All other scripts are consensus limited to 20 keys
|
|||||||
per +OP_CHECKMULTSIG+ or +OP_CHECKMULTISIGVERIFY+ opcode, although one
|
per +OP_CHECKMULTSIG+ or +OP_CHECKMULTISIGVERIFY+ opcode, although one
|
||||||
script may include multiple of those opcodes.
|
script may include multiple of those opcodes.
|
||||||
|
|
||||||
The general form of a output script setting an K-of-N multisignature
|
The general form of a output script setting a t-of-k multisignature
|
||||||
condition is:
|
condition is:
|
||||||
|
|
||||||
----
|
----
|
||||||
K <Public Key 1> <Public Key 2> ... <Public Key N> N OP_CHECKMULTISIG
|
t <Public Key 1> <Public Key 2> ... <Public Key k> k OP_CHECKMULTISIG
|
||||||
----
|
----
|
||||||
|
|
||||||
where N is the total number of listed public keys and K is the threshold
|
where _k_ is the total number of listed public keys and _t_ is the threshold
|
||||||
of required signatures to spend the output.
|
of required signatures to spend the output.
|
||||||
|
|
||||||
An output script setting a 2-of-3 multisignature condition looks like
|
An output script setting a 2-of-3 multisignature condition looks like
|
||||||
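Review bot: The rewritten line still reads 'The general form of a output script'; the article before "t-of-k" was corrected but this one was not, so make it 'an output script' while the line is being touched. The first context line of the hunk also spells the opcode as +OP_CHECKMULTSIG+, missing the "I" that the script template a few lines below has in OP_CHECKMULTISIG; worth fixing in the same pass so a reader searching for the opcode name finds it.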
@ -448,7 +448,7 @@ OP_0 <Signature B> <Signature C>
|
|||||||
|
|
||||||
Some people believe this oddity was a bug in the original code for
|
Some people believe this oddity was a bug in the original code for
|
||||||
Bitcoin, but a plausible alternative explanation exists. Verifying
|
Bitcoin, but a plausible alternative explanation exists. Verifying
|
||||||
K-of-N signatures can require many more than K or N signature checking
|
t-of-k signatures can require many more than t or k signature checking
|
||||||
operations. Let's consider a simple example of 1-in-3, with the
|
operations. Let's consider a simple example of 1-in-3, with the
|
||||||
following combined script:
|
following combined script:
|
||||||
|
|
||||||
|
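Review bot: Style point on the changed line 't-of-k signatures can require many more than t or k signature checking': the standalone variables are plain text here, whereas the -323 and -353 hunks write them as _t_ and _k_. Suggest 'many more than _t_ or _k_' for consistency. The next context line's '1-in-3' also departs from the '-of-' form used everywhere else in this change.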
@ -659,11 +659,11 @@ available at the time of writing.
|
|||||||
[[schnorr_threshold_signatures]]
|
[[schnorr_threshold_signatures]]
|
||||||
==== Schnorr-based scriptless threshold signatures
|
==== Schnorr-based scriptless threshold signatures
|
||||||
|
|
||||||
Scriptless multisignature protocols only work for n-of-n signing.
|
Scriptless multisignature protocols only work for k-of-k signing.
|
||||||
Everyone with a partial public key that becomes part of the aggregated
|
Everyone with a partial public key that becomes part of the aggregated
|
||||||
public key must contribute a partial signature and partial nonce to the
|
public key must contribute a partial signature and partial nonce to the
|
||||||
final signature. Sometimes, though, the participants want to allow a
|
final signature. Sometimes, though, the participants want to allow a
|
||||||
subset of them to sign, such as k-of-n where k participants can sign for
|
subset of them to sign, such as t-of-k where a threshold (t) number of participants can sign for
|
||||||
a key constructed by n participants. That type of signature is called a
|
a key constructed by n participants. That type of signature is called a
|
||||||
_threshold signature_.
|
_threshold signature_.
|
||||||
|
|
||||||
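Review bot: Old notation is left behind on the context line right after the change. The new text reads 'such as t-of-k where a threshold (t) number of participants can sign for' but continues with 'a key constructed by n participants', so "n" is no longer defined anywhere in the paragraph. Change it to 'k participants'. The '(t)' could also be written '(_t_)' to match the italic variables introduced in the earlier hunks.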
@ -695,7 +695,7 @@ than a non-participant who didn't have a share.
|
|||||||
|
|
||||||
A secure secret sharing scheme prevents participants from learning
|
A secure secret sharing scheme prevents participants from learning
|
||||||
anything about the secret unless they combine the minimum threshold
|
anything about the secret unless they combine the minimum threshold
|
||||||
number of shares. For example, Alice can choose a threshold (_k_) of
|
number of shares. For example, Alice can choose a threshold of
|
||||||
+2+ if she wants any two of Bob, Carol, and Dan to be able to
|
+2+ if she wants any two of Bob, Carol, and Dan to be able to
|
||||||
reconstruct her secret. The best known secure secret sharing algorithm
|
reconstruct her secret. The best known secure secret sharing algorithm
|
||||||
is _Shamir's Secret Sharing Scheme_, commonly abbreviated SSSS and named
|
is _Shamir's Secret Sharing Scheme_, commonly abbreviated SSSS and named
|
||||||
@ -715,7 +715,7 @@ To see how multisignatures and verifiable secret sharing works for
|
|||||||
Alice, Bob, and Carol, imagine they each wish to receive funds that can
|
Alice, Bob, and Carol, imagine they each wish to receive funds that can
|
||||||
be spent by any two of them. They collaborate as described in
|
be spent by any two of them. They collaborate as described in
|
||||||
<<schnorr_multisignatures>> to produce a regular multisignature public
|
<<schnorr_multisignatures>> to produce a regular multisignature public
|
||||||
key to accept the funds (n-of-n). Then each participant derives two
|
key to accept the funds (k-of-k). Then each participant derives two
|
||||||
secret shares from their private key--one for each of two the other
|
secret shares from their private key--one for each of two the other
|
||||||
participants. The shares allow any two of them to reconstruct the
|
participants. The shares allow any two of them to reconstruct the
|
||||||
originating partial private key for the multisignature. Each participant
|
originating partial private key for the multisignature. Each participant
|
||||||
|
@ -5,7 +5,7 @@ for f in $( git ls-files | grep -v "$0" ) ; do
|
|||||||
# 1. Find discouraged words
|
# 1. Find discouraged words
|
||||||
# 2. Ignore things that look like json or code (Bitcoin Core RPCs use many discouraged words)
|
# 2. Ignore things that look like json or code (Bitcoin Core RPCs use many discouraged words)
|
||||||
egrep -if <( sed "1,/[S]TART DISCOURAGED WORDS/d" "$0" ) "$f" \
|
egrep -if <( sed "1,/[S]TART DISCOURAGED WORDS/d" "$0" ) "$f" \
|
||||||
| grep -v "[\"'][a-zA-Z]\+[\"']" \
|
| grep -v "[\"'][a-zA-Z-]\+[\"']" \
|
||||||
| if grep . ; then
|
| if grep . ; then
|
||||||
echo "DISCOURAGED WORDS FOUND IN $f"
|
echo "DISCOURAGED WORDS FOUND IN $f"
|
||||||
fi
|
fi
|
||||||
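Review bot: The step 2 comment no longer describes what the filter does. Adding "-" to the class in the grep -v pattern exempts quoted hyphenated terms such as "m-of-n" in prose, not JSON or code, so the comment should say that quoted terms are deliberately allowed. Because grep -v discards the whole line, any other discouraged word on a line that happens to quote a hyphenated term now goes unreported; removing the quoted tokens from the line before matching, rather than dropping the line, would keep the exemption without that blind spot.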
@ -37,3 +37,7 @@ BIP [0-9]
|
|||||||
witness field
|
witness field
|
||||||
witness element
|
witness element
|
||||||
feerate
|
feerate
|
||||||
|
m-of-m
|
||||||
|
m-of-n
|
||||||
|
n-of-n
|
||||||
|
k-of-n
|
||||||
|