File tree 1 file changed +8
-0
lines changed
1 file changed +8
-0
lines changed Original file line number Diff line number Diff line change @@ -84,6 +84,14 @@ Note that this aggregation scheme is vulnerable to rogue-key attacks[^musig2-pap
8484In order to prevent such attacks, it ** MUST** be verified that participating
8585public keys own the corresponding private key.
8686
87+ Note further that this aggregation scheme is vulnerable to public keys with
88+ linear relationships. A set of public keys ` A ` leaking the sum of their private
89+ keys would allow the creation of a second set of public keys ` B ` with
90+ ` aggPubKey(A) = aggPubKey(B) ` . This would make signatures created by set ` A `
91+ indistinguishable from signatures created by set ` B ` .
92+ However, this specification assumes that participants do not share private key
93+ material leading to negligible probability for such cases to happen.
94+
8795
8896## Other Security Considerations
8997
You can’t perform that action at this time.
0 commit comments