vietlq/bipschnorr-Multisignature.md

## bipschnorr-Multisignature.md

      
    Raw
  

              bipschnorr-Multisignature.md
            
          
    Multisignature

This sentence is a procedure for n-of-n Multisignatures to the following URL.
The symbols and functions used are defined in the following URL.
https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
Introduction


The number of users u.
The public key P = P₁ + ... + P_u : a point
The message m: an array of 32 bytes

The n , G and functions are cited from the original text.
Signing

Step 1

Every user(i = 1...u) prepare secret key , random point and hash value.

The secret key d_i: an integer in the range 1..n-1.
Let k_i = int(hash(bytes(d_i) || m)) mod n.
Let R_i = k_iG.
Let h_i = hash(bytes(R_i)).

Step 2

Every user(i = 1...u) sends hash value (h_i) to other users(j = 1...u , i ≠ j).
Step 3

If all hash values are received, users(i = 1...u) send random point(R_i) to other users(j = 1...u , i ≠ j).
Step 4

Every user(i = 1...u) checks :

For j = 1...u , i ≠ j:

Let h = hash(bytes(R_j)).
Fail if h_j ≠ h.


Every user(i = 1...u) sign :

Let k_i = int(hash(bytes(d_i) || m)) mod n.
Let R = R₁ + ... + R_u.
If jacobi(y(R)) ≠ 1 , let k_i = n - k_i.
Let e = int(hash(bytes(x(R)) || bytes(P) || m)) mod n.
Let s_i = bytes(k_i + ed_i mod n).

Every user(i = 1...u) sends their signature(s_i) to other users(j = 1...u , i ≠ j).
Step 5

Every user(i = 1...u) checks:

Let R = R₁ + ... + R_u.
Let e = int(hash(bytes(x(R)) || bytes(P) || m)) mod n.
For j = 1...u , i ≠ j:

Fail if s_j ≥ n.
Let R = s_jG - eP_j
Fail if infinite(R') or x(R) ≠ x(R_j).


Step 6

Any user creates a signature :

Let R = R₁ + ... + R_u.
Let s = s₁ + ... + s_u mod n.
The signature is bytes(x(R)) || bytes(s).