Schnorr - combine 2 signature

[tinguyen1107]

Hi guys, I'm trying to implement the statecoin protocol, I used the schnorr to handle the multisig between the server and user. We create the signature using this one

    let sighash = sighasher
        .taproot_key_spend_signature_hash(input_index, &prevouts, sighash_type)
        .expect("failed to construct sighash");

    let tweaked: TweakedKeypair = keypair.tap_tweak(&secp, None);
    let msg = Message::from(sighash);

    let signature = secp.sign_schnorr(&msg, &tweaked.to_inner());

    let signature = bitcoin::taproot::Signature {
        sig: signature,
        hash_ty: sighash_type,
    };

I wonder that how we can combine 2 sign together and spend the transaction?

[apoelstra]

https://9www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto

https://galois.com/blog/2021/03/actually-you-are-rolling-your-own-crypto/

[tinguyen1107]

Hi @apoelstra, sorry I don't know what you mean? You mean I should not try to implement it on my own? This is for study purpose only, if you know please help me with this :(((

[apoelstra]

I do not know anything about the "statecoin protocol". In general it is not possible to combine two Schnorr signatures.

[tinguyen1107]

ah it is statechain, sorry, hmmm... never mind, thanks for your time

[storopoli]

I do not know anything about the "statecoin protocol". In general it is not possible to combine two Schnorr signatures.

The "In general" is not that helpful.
However, you can combine two Schnorr signatures in something called "Naive Schnorr multi-signatures".
The intuition behind it is that Schnorr sig is "linear", i.e. it does not have a mod inverse in signing like DSA (or ECDSA).

Ref: https://blog.blockstream.com/en-musig-key-aggregation-schnorr-signatures/

PS: This is not peer-reviewed but Slide 21 here goes through the Math - https://github.com/storopoli/cryptography-workshop/releases/latest

PS2: Maybe we move this to the Discussions instead of keeping it as an issue?