---
robots: noindex, nofollow
---
# Musig2 Sequence Diagrams
- All messages passed in this diagram are GSTP requests or responses.
- GSTP messages are self-introducing and self-authenticating.
- Session context objects (SESSION) include:
- Unique session identifier (SID)
- Participant Identifiers (XIDs or XID documents)
- Envelope to be signed
## 2-of-2 MuSig2 Signing Process
- Throughout this exchange Alice, as the initiator, is sending GSTP requests to Bob, and Bob is sending GSTP responses to Alice.
- Both participants perform every computation in the process to ensure that the integrity of the signing process is maintained.
- The distribution of the group public key and the signed message to third-parties can be done by either or both participants.
- Further assumptions:
- Alice and Bob need have no history between them.
- Bob treats Alice's initiation as TOFU (Trust On First-Use).
- The group public key is ephemeral (single-use).
```mermaid
sequenceDiagram
participant Alice
participant Bob
participant Victor
Note over Alice: Prepares session
Alice->>Bob: SESSION
Note over Bob: Prepares partial key pair
Bob->>Alice: PARTIAL_PUBLIC_KEY(Bob)
Note over Alice: Prepares partial key pair
Alice->>Bob: PARTIAL_PUBLIC_KEY(Alice)
Note over Alice, Bob: Both compute group public key
Bob->>Victor: GROUP_PUBLIC_KEY
Note over Alice, Bob: Both prepare nonce pair
Bob->>Alice: PUBLIC_NONCE(Bob)
Alice->>Bob: PUBLIC_NONCE(Alice)
Note over Alice, Bob: Both prepare partial signature
Bob->>Alice: PARTIAL_SIGNATURE(Bob)
Alice->>Bob: PARTIAL_SIGNATURE(Alice)
Note over Alice, Bob: Both compute signed message
Bob->>Victor: SIGNED_MESSAGE
Note over Victor: Verifies signed message
```
## 3-of-3 MuSig2 Signing Process
- All messages are GSTP, and throughout, GSTP Encrypted State Continuations (ESC) are used by the participants to maintain state across multiple messages. Essentially, the participants are securely telling their future selves what to do next.
- All participants are communicating with a hub, Hubert, who is responsible for reflecting messages between participants.
- Hubert is not a participant in the signing process, and in fact does not need to have any knowledge of the signing process.
- The messages to other participants are encrypted to them using their public keys, and Hubert can only see the intended recipients of the messages, but not the contents.
- The distribution of the group public key and the signed message to third-parties can be done by any participants.
- Unshown are `OK` responses to each request, which are assumed to be sent by the recipient of the request. This affords fault detection and recovery.
- The diagram shows combined messages (e.g., `PARTIAL_PUBLIC_KEY(Bob, Carol)`) for visual simplicity. In practice, each of these combined messages represents multiple individual messages sent to each recipient.
- Further assumptions:
- Alice, Bob, and Carol need have no history between them.
- Hubert treats Alice's initiation as TOFU.
- All participants treat messages relayed by Hubert as TOFU.
- The group public key is ephemeral (single-use).
```mermaid
sequenceDiagram
participant Hubert
participant Alice
participant Bob
participant Carol
participant Victor
Note over Alice: Prepares session
Alice->>Hubert: SESSION
Note left of Hubert: Hubert reflects<br/>the session<br/>to Bob and Carol
Hubert->>Bob: SESSION
Hubert->>Carol: SESSION
Note left of Hubert: Partipants prepare<br/>their partial key pairs
Alice->>Hubert: PARTIAL_PUBLIC_KEY(Alice)
Bob->>Hubert: PARTIAL_PUBLIC_KEY(Bob)
Carol->>Hubert: PARTIAL_PUBLIC_KEY(Carol)
Note left of Hubert: Combined messages<br/>shown for brevity.
Hubert->>Alice: PARTIAL_PUBLIC_KEY(Bob, Carol)
Hubert->>Bob: PARTIAL_PUBLIC_KEY(Alice, Carol)
Hubert->>Carol: PARTIAL_PUBLIC_KEY(Alice, Bob)
Note left of Hubert: Partipants compute<br/>group public key
Carol->>Victor: GROUP_PUBLIC_KEY
Note left of Hubert: Partipants prepare<br/>nonce pairs
Alice->>Hubert: PUBLIC_NONCE(Alice)
Bob->>Hubert: PUBLIC_NONCE(Bob)
Carol->>Hubert: PUBLIC_NONCE(Carol)
Hubert->>Alice: PUBLIC_NONCE(Bob, Carol)
Hubert->>Bob: PUBLIC_NONCE(Alice, Carol)
Hubert->>Carol: PUBLIC_NONCE(Alice, Bob)
Note left of Hubert: Partipants prepare<br/>partial signatures
Alice->>Hubert: PARTIAL_SIGNATURE(Alice)
Bob->>Hubert: PARTIAL_SIGNATURE(Bob)
Carol->>Hubert: PARTIAL_SIGNATURE(Carol)
Hubert->>Alice: PARTIAL_SIGNATURE(Bob, Carol)
Hubert->>Bob: PARTIAL_SIGNATURE(Alice, Carol)
Hubert->>Carol: PARTIAL_SIGNATURE(Alice, Bob)
Note left of Hubert: Partipants compute<br/>signed message
Carol->>Victor: SIGNED_MESSAGE
Note over Victor: Verifies signed message
```
Sign in with Wallet
Connect another wallet