kushti/gist:270320175b8b0469d680d41ce13670b1

## gistfile1.txt
An example test where Alice (A) and Bob (B) are signing an input in a distributed way. A statement which
protects the box to spend is "pubkey_Alice && pubkey_Bob". Note that a signature in this case is about
a transcript of a Sigma-protocol ((a_Alice, a_Bob), e, (z_Alice, z_Bob)),
which is done in non-interactive way (thus "e" is got via a Fiat-Shamir transformation).

For that, they are going through following steps:

- Bob is generating first protocol message a_Bob and sends it to Alice
- Alice forms a hint which contain Bob's commitment "a_Bob", and puts the hint into a hints bag
- She proves the statement using the bag, getting the partial protocol transcript
    (a_Alice, e, z_Alice) as a result and sends "a_Alice" and "z_Alice" to Bob.
    Please note that "e" is got from both a_Alice and a_Bob.

 - Bob now also knows a_Alice, so can generate the same "e" as Alice. Thus Bob is generating valid
     proof ((a_Alice, a_Bob), e, (z_Alice, z_Bob)).
	An example test where Alice (A) and Bob (B) are signing an input in a distributed way. A statement which
	protects the box to spend is "pubkey_Alice && pubkey_Bob". Note that a signature in this case is about
	a transcript of a Sigma-protocol ((a_Alice, a_Bob), e, (z_Alice, z_Bob)),
	which is done in non-interactive way (thus "e" is got via a Fiat-Shamir transformation).

	For that, they are going through following steps:

	- Bob is generating first protocol message a_Bob and sends it to Alice
	- Alice forms a hint which contain Bob's commitment "a_Bob", and puts the hint into a hints bag
	- She proves the statement using the bag, getting the partial protocol transcript
	(a_Alice, e, z_Alice) as a result and sends "a_Alice" and "z_Alice" to Bob.
	Please note that "e" is got from both a_Alice and a_Bob.

	- Bob now also knows a_Alice, so can generate the same "e" as Alice. Thus Bob is generating valid
	proof ((a_Alice, a_Bob), e, (z_Alice, z_Bob)).