Bitcoin Core contributor ・ Blockchain R&D in Tokyo ・ Creator of btcdeb, MFF & signet ・ Author of BIP 322 (and others) ・ #WeAreAllSatoshi(#ExceptThatGuy)
Jan 29, 2020 • 9 tweets • 2 min read
People don't seem to fully realize this, but if two+ people have private keys x_1 and x_2, and they create a Taproot output for Q = P + <script tweak>, where P = (x_1+x_2)G, they can totally make signatures and combine them to spend that, without showing x_1 or x_2 to each other.
That is, when you spend a Taproot key, you *don't* share the x_1 and x_2 with everyone involved, and then sign the spending transaction. That would be completely insecure, since the person you share with could now send the money wherever they wanted and sign on their own!
Aug 8, 2018 • 10 tweets • 3 min read
I remember back when S2X was a thing, and people would constantly ask on r/bitcoin on reddit "why the hate for 'segwit' which seemed like a good upgrade". Intentionally deceptive move. This poll reminded me of it, so forgive me as I go on a reminiscence-rant.
The miners were refusing to signal for Segwit, and nobody really knew why. Random claims popped up, like "it'd move fees away from miners" (due to L2 eg ⚡️) . Ultimately, the biggest reason was most likely covert ASICBoost in use by Bitmain. Deceptive.
