This property is not observed in MuSig2โs key generation, as it uses additive secret sharing and randomization.
18.01.2025 08:37
๐ 0
๐ 0
๐ฌ 0
๐ 0
This property is not observed in MuSig2โs key generation, as it uses additive secret sharing and randomization.
ChillDKG uses this property to commit its threshold public key to an unspendable script path, making it Taproot-safe.
Proof by Lagrange interpolation
While reviewing the ChillDKG BIP, I noticed a neat property: In a t-of-n Shamir sharing scheme, where combining shares s1, s2, and s3 gives a secret c. If you offset these shares by adding a constant k (i.e., s1 + k, s2 + k, s3 + k), the result will be an offset secret c + k.