This sentence is a procedure for n-of-n Multisignatures to the following URL.
The symbols and functions used are defined in the following URL.
https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
- The number of users u.
- Each player's public keys are P1 , ... , Pu : point
- c = hash(bytes(P1) || ... || bytes(Pu))
- μ1 = int(hash(c || 1)) mod n , ... , μu = int(hash(c || u)) mod n
- P = μ1P1 + ... + μuPu
- The message m: an array of 32 bytes
The n , G and functions are cited from the original text.
Every user(i = 1...u) prepare secret key , random point and hash value.
- The secret key di: an integer in the range 1..n-1.
- Let ki = int(hash(bytes(di) || m)) mod n.
- Let Ri = kiG.
- Let hi = hash(bytes(Ri)).
Every user(i = 1...u) sends hash value (hi) to other users(j = 1...u , i ≠ j).
If all hash values are received, users(i = 1...u) send random point(Ri) to other users(j = 1...u , i ≠ j).
Every user(i = 1...u) checks :
- For j = 1...u , i ≠ j:
- Let h = hash(bytes(Rj)).
- Fail if hj ≠ h.
Every user(i = 1...u) sign :
- Let ki = int(hash(bytes(di) || m)) mod n.
- Let R = R1 + ... + Ru.
- If jacobi(y(R)) ≠ 1 , let ki = n - ki.
- Let e = int(hash(bytes(x(R)) || bytes(P) || m)) mod n.
- Let si = bytes(ki + eμidi mod n).
Every user(i = 1...u) sends their signature(si) to other users(j = 1...u , i ≠ j).
Every user(i = 1...u) checks:
- Let R = R1 + ... + Ru.
- Let e = int(hash(bytes(x(R)) || bytes(P) || m)) mod n.
- For j = 1...u , i ≠ j:
- Fail if sj ≥ n.
- Let R = sjG - eμjPj
- Fail if infinite(R') or x(R) ≠ x(Rj).
Any user creates a signature :
- Let R = R1 + ... + Ru.
- Let s = s1 + ... + su mod n.
- The signature is bytes(x(R)) || bytes(s).
original document
https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki#multisignatures-and-threshold-signatures
sample code
https://github.com/tnakagawa/bipschnorr