geonic: my contributions were primarily around cross-group DL stuff

I still have some ongoing questions about a few aspects of the construction

UkoeHB_: what would "upgrade" mean for that?

Funds addressed to existing multisig addresses need to be available

Otherwise you've effectively frozen funds

there won't be a problem with that; multisig doesn't need to be rolled out with a hard fork, so multisigv2 could coexist with software running multisigv1, but would be incompatible for multisig interactions

robust aggregation is only relevant for _creating_ new wallets, and commit-and-reveal is only relevant for creating new transactions (so in-progress transactions at time of update would be screwed up)

people using less-secure v1 multisig wallets would have to migrate to new wallets if they are concerned their partners are malicious

in other words, in multisigv2 you can use v1 wallets but can only create v2 wallets and v2 transactions

geonic: Hi, I said that MRL and particularly sarang helper me (before and during the work) not that we wrote the protocol together, sorry if my phrasing in the post was imprecise

and yes, I want more people to look at the paper

sarang: feel free to post your question here (or in private) whenever you want, I'm always around

I'm very happy to discuss about the protocol with everybody here obviously

h4sh3d[m]: I don't think you misrepresented anything

I was happy to provide help with the proof stuff

And I'm very glad the research turned out well!

I still am working through the implications of the communication between participants

Do you plan to post as an IACR preprint?