Friday, September 19, 2025

multi signature – Is it possible to recover a private key from an aggregate public key under strong assumptions?

Let's consider the following assumptions:

  1. A computer can compute the private key from the public key in n years (with n being a small number, give or take). Of course, this assumption is highly hypothetical and currently considered unrealistic.

  2. The public keys for multisignature accounts are known. We assume here that they are not hashed or otherwise hidden. I am also assuming that MuSig2 is used for multisignature accounts. That is expected to happen in Bitcoin, if I am not mistaken. Besides, MuSig2 cannot be used for CISA since it only allows a single message to be passed (tell me if I am wrong).

Now, since Assumption 2 holds, we can aggregate the set of public keys using MuSig2, producing a single aggregate public key, AggPub.
Because this is a valid x-only public key, there are exactly two corresponding private keys, Priv1 and Priv2, linked to AggPub. By knowing one of them, you can easily know the other by negating the first private key.

From Assumption 1, can we compute one of the private keys (Priv1 or Priv2) from AggPub in the same amount of time, i.e., n years? From my perspective, yes we can.

Of course, Assumption 1 is too strong. But if the answer to the question is yes, it would suggest that signature compression is not the best trade-off here. In fact, this could even be exploited for zombie accounts using MuSig2, allowing the unlocking of dormant funds with just a single private key by performing a simple Schnorr signature.
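The key-aggregation and single-signature steps described in the question, as an added example that is not part of the original post or of any MuSig2 implementation: a pure-Python secp256k1 with BIP327 KeyAgg (tagged hashes "KeyAgg list" and "KeyAgg coefficient", coefficient 1 for the second distinct key) and BIP340 Schnorr sign/verify. It assumes three constructed co-signer secrets derived from labels (not real wallet keys), a fixed message, and zero auxiliary randomness when signing (a simplification that makes the output deterministic). It computes AggPub, the discrete log Priv1 = sum(a_i * x_i) mod n, the negation Priv2 = n - Priv1, and checks that one ordinary Schnorr signature made with either scalar verifies under the x-only AggPub.

```python
# Added example (not from the original post): BIP327 KeyAgg over secp256k1, then a plain
# BIP340 Schnorr signature made with the aggregate key's discrete log. Pure Python.
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def tagged_hash(tag, msg):
    """BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    th = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(th + th + msg).digest()

def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and y1 != y2:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(p, k):  # double-and-add; not constant time, demo only
    r = None
    while k:
        if k & 1:
            r = point_add(r, p)
        p, k = point_add(p, p), k >> 1
    return r

def lift_x(x):
    """BIP340 lift_x: the curve point with this x and even y, or None if x is not on the curve."""
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if x >= P or pow(y, 2, P) != y_sq:
        return None
    return (x, y if y % 2 == 0 else P - y)

def cbytes(p):  # 33-byte compressed encoding, the "plain" key format BIP327 aggregates
    return bytes([2 + (p[1] & 1)]) + p[0].to_bytes(32, "big")

def key_agg(points):
    """BIP327 KeyAgg: Q = sum a_i*P_i, a_i = H(L, pk_i) except a_i = 1 for the second distinct key."""
    pubkeys = [cbytes(p) for p in points]
    second = next((pk for pk in pubkeys if pk != pubkeys[0]), None)
    L = tagged_hash("KeyAgg list", b"".join(pubkeys))
    Q, coeffs = None, []
    for p, pk in zip(points, pubkeys):
        a = 1 if pk == second else int.from_bytes(tagged_hash("KeyAgg coefficient", L + pk), "big") % N
        coeffs.append(a)
        Q = point_add(Q, point_mul(p, a))
    if Q is None:
        raise ValueError("aggregate key is the point at infinity")
    return Q, coeffs

def schnorr_sign(d, msg, aux=bytes(32)):
    """BIP340 signing. aux=0 is a constructed simplification so the output is deterministic."""
    Pt = point_mul(G, d)
    d = N - d if Pt[1] % 2 else d          # of d and N-d, BIP340 signs with the even-y one
    px = Pt[0].to_bytes(32, "big")
    t = (d ^ int.from_bytes(tagged_hash("BIP0340/aux", aux), "big")).to_bytes(32, "big")
    k = int.from_bytes(tagged_hash("BIP0340/nonce", t + px + msg), "big") % N
    R = point_mul(G, k)
    k = N - k if R[1] % 2 else k           # same even-y normalisation for the nonce
    rx = R[0].to_bytes(32, "big")
    e = int.from_bytes(tagged_hash("BIP0340/challenge", rx + px + msg), "big") % N
    return rx + ((k + e * d) % N).to_bytes(32, "big")

def schnorr_verify(px, msg, sig):
    """BIP340 verification against a 32-byte x-only public key."""
    Pt = lift_x(int.from_bytes(px, "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if Pt is None or len(sig) != 64 or r >= P or s >= N:
        return False
    e = int.from_bytes(tagged_hash("BIP0340/challenge", sig[:32] + px + msg), "big") % N
    R = point_add(point_mul(G, s), point_mul(Pt, N - e))      # s*G - e*P
    return R is not None and R[1] % 2 == 0 and R[0] == r

# Constructed test secrets for three co-signers (derived from labels; not real wallet keys).
SECRETS = [int.from_bytes(hashlib.sha256(n).digest(), "big") % N for n in (b"signer-1", b"signer-2", b"signer-3")]

def demo(secrets=SECRETS, msg=b"sweep the dormant multisig output"):
    """Aggregate the signers' keys, then sign for AggPub with a single scalar: Priv1 or Priv2."""
    Q, coeffs = key_agg([point_mul(G, x) for x in secrets])
    agg_pub_x = Q[0].to_bytes(32, "big")                      # AggPub as an x-only key
    priv1 = sum(a * x for a, x in zip(coeffs, secrets)) % N   # discrete log of Q
    priv2 = N - priv1                                         # its negation: same x, other y
    assert point_mul(G, priv1) == Q and point_mul(G, priv2)[0] == Q[0]
    sig1, sig2 = schnorr_sign(priv1, msg), schnorr_sign(priv2, msg)
    return {"agg_pub_x": agg_pub_x, "sig1": sig1, "sig2": sig2,
            "ok1": schnorr_verify(agg_pub_x, msg, sig1),
            "ok2": schnorr_verify(agg_pub_x, msg, sig2)}
```

Both scalars produce byte-identical signatures, because BIP340 signing first replaces the secret with whichever of d and n - d has an even-y public point; that is the precise sense in which an x-only AggPub has exactly two private keys one negation apart. The code does nothing to shorten the discrete-logarithm problem itself; it only shows that once the discrete log of the aggregate key is known by any means, AggPub behaves like an ordinary single-signer key, and that BIP327 aggregation is order-sensitive (reversing the key list gives a different AggPub).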
