This is sharing some early, experimental work on a Schnorr signature full aggregation module per the DahLIAS protocol. The paper has not yet been translated into a BIP but I was eager to try implementing module here from scratch and I wanted to share it as a base for some discussions while working on a BIP. Obviously, the code here will be subject to change because of this.
Aside from all the stuff that is still missing the most interesting question so far seems to be: How can code be shared between two modules that might be not be considered low level and general enough to enter the main library but that is behaving exactly the same between two separate modules? In the code here there a many helper functions, almost all of them related to the effective nonce logic, that are (intentionally) exactly the same as in the Musig module (grep for TODO in the main impl file). This code might be shared with a FROST module as well in the future but to me this code doesn’t feel like it really belongs into the lower level library code because it is very specific to these higher level protocols. Maybe I am wrong here but if not there could be some common code section that is shared between modules but is not accessible from the other library code.
TODOs
- Write an actual BIP
- Add tweaking support
- Share duplicated code with the MuSig module
- Add benchmarking code
- Implement test vectors (from the BIP)
- Add ctime tests