Date: Wed, 19 Jun 2013 20:36:57 +0200
From: Adam Back
To: Alan Reiner
Cc: Bitcoin Dev, timo.hanke@web.de
Subject: Re: [Bitcoin-development] Optional "wallet-linkable" address format - Payment Protocol
Message-ID: <20130619183657.GA16708@netbook.cypherspace.org>
In-Reply-To: <20130619152815.GA14729@netbook.cypherspace.org>

This may be simpler and trivially compatible with existing type2 public keys
(ones that are multiples of a parent public key): send an ECDSA signature of
the multiplier, and as we know you can compute ("recover") the parent public
key from the ECDSA signature made using it.

Adam

On Wed, Jun 19, 2013 at 05:28:15PM +0200, Adam Back wrote:
>[q-th root with unknown no discrete log artefact]
>
>If it was a concern I guess you could require a proof of knowledge of
>discrete log. i.e. as well as public key parent, multiplier the address must
>include ECDSA sig or Schnorr proof of knowledge (which both demonstrate
>knowledge of the discrete log of Q to base G.)