* [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
@ 2017-12-08 18:25 Dan Bryant
2017-12-09 12:57 ` Sjors Provoost
2017-12-19 21:36 ` Pavol Rusnak
0 siblings, 2 replies; 8+ messages in thread
From: Dan Bryant @ 2017-12-08 18:25 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 334 bytes --]
I know there are posts, and an issue opened against it, but is there anyone
writing a BIP for Sign / Verify message against a SegWit address?
I realize it is not a feature in wide use, but I think it still serves an
important purpose, such as when proof of assets are requested.
ref: https://github.com/bitcoin/bitcoin/issues/10542
[-- Attachment #2: Type: text/html, Size: 486 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
2017-12-08 18:25 [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses Dan Bryant
@ 2017-12-09 12:57 ` Sjors Provoost
2017-12-19 21:36 ` Pavol Rusnak
1 sibling, 0 replies; 8+ messages in thread
From: Sjors Provoost @ 2017-12-09 12:57 UTC (permalink / raw)
To: Bitcoin Protocol Discussion, DKBryant
[-- Attachment #1.1: Type: text/plain, Size: 1700 bytes --]
I would like to see this specifically for P2SH-PWPKH and/or native SegWit bech32 addresses.
Use cases I can think of are "I'm the whale in charge of these funds, listen to me" and some form of polling.
It's nice if funds aren't excluded from these type of functionalities just because they have a complicated redeem script. So something more generic like the Elements implementation / suggestion Greg Maxwell referred to in the Github thread would be nice too.
Is it also useful or possible to sign a message proving you are able to redeem some arbitrary branch in a MAST-like tree of scripts? What about being a minority part of a multisig?
All these features have privacy trade-offs, as well as perhaps security trade-offs, e.g. when you reveal a public key that was otherwise hidden behind a hash (i.e. if someone were to break secp256k1, they'd first organize a popular poll).
There's no BIP for the current message signing mechanism either afaik.
Sjors
> Op 8 dec. 2017, om 19:25 heeft Dan Bryant via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> het volgende geschreven:
>
> I know there are posts, and an issue opened against it, but is there anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> I realize it is not a feature in wide use, but I think it still serves an important purpose, such as when proof of assets are requested.
>
> ref: https://github.com/bitcoin/bitcoin/issues/10542 <https://github.com/bitcoin/bitcoin/issues/10542>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
[-- Attachment #1.2: Type: text/html, Size: 2755 bytes --]
[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
2017-12-08 18:25 [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses Dan Bryant
2017-12-09 12:57 ` Sjors Provoost
@ 2017-12-19 21:36 ` Pavol Rusnak
2017-12-19 21:58 ` Mark Friedenbach
2017-12-21 22:22 ` Dan Bryant
1 sibling, 2 replies; 8+ messages in thread
From: Pavol Rusnak @ 2017-12-19 21:36 UTC (permalink / raw)
To: DKBryant, Bitcoin Protocol Discussion
On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> I know there are posts, and an issue opened against it, but is there
> anyone writing a BIP for Sign / Verify message against a SegWit address?
Dan, are you still planning to write this BIP?
--
Best Regards / S pozdravom,
Pavol "stick" Rusnak
CTO, SatoshiLabs
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
2017-12-19 21:36 ` Pavol Rusnak
@ 2017-12-19 21:58 ` Mark Friedenbach
2017-12-21 11:19 ` Damian Williamson
2017-12-21 17:23 ` Jason Dreyzehner
2017-12-21 22:22 ` Dan Bryant
1 sibling, 2 replies; 8+ messages in thread
From: Mark Friedenbach @ 2017-12-19 21:58 UTC (permalink / raw)
To: Pavol Rusnak, Bitcoin Protocol Discussion
For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things:
(1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold.
(2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and
(3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins.
There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script.
Mark
> On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
>> I know there are posts, and an issue opened against it, but is there
>> anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> Dan, are you still planning to write this BIP?
>
> --
> Best Regards / S pozdravom,
>
> Pavol "stick" Rusnak
> CTO, SatoshiLabs
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
2017-12-19 21:58 ` Mark Friedenbach
@ 2017-12-21 11:19 ` Damian Williamson
2017-12-21 16:29 ` Mark Friedenbach
2017-12-21 17:23 ` Jason Dreyzehner
1 sibling, 1 reply; 8+ messages in thread
From: Damian Williamson @ 2017-12-21 11:19 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 3289 bytes --]
In all seriousness, being able to sign a message is an important feature whether it is with Bitcoin Core or, with some other method. It is a good feature and it would be worthwhile IMHO to update it for SegWit addresses. I don't know about renewing it altogether, I like the current simplicity.
Regards,
Damian Williamson
------------------------------------
Sometimes I like to sign a message just to verify that is what I have said.
-
Bitcoin: 1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg
------------------------------------
Signature:
HwJPqyWF0CbdsR7x737HbNIDoRufsrMI5XYQsKZ+MrWCJ6K7imtLY00sTCmSMDigZxRuoxyYZyQUw/lL0m/MV9M=
(Of course, signed messages will verify better usually with plain text and not HTML interpreted email - need a switch for outlook.com to send plaintext.)
________________________________
From: bitcoin-dev-bounces@lists.linuxfoundation.org <bitcoin-dev-bounces@lists.linuxfoundation.org> on behalf of Mark Friedenbach via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Sent: Wednesday, 20 December 2017 8:58 AM
To: Pavol Rusnak; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things:
(1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold.
(2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and
(3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins.
There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script.
Mark
> On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
>> I know there are posts, and an issue opened against it, but is there
>> anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> Dan, are you still planning to write this BIP?
>
> --
> Best Regards / S pozdravom,
>
> Pavol "stick" Rusnak
> CTO, SatoshiLabs
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
[-- Attachment #2: Type: text/html, Size: 5757 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
2017-12-21 11:19 ` Damian Williamson
@ 2017-12-21 16:29 ` Mark Friedenbach
0 siblings, 0 replies; 8+ messages in thread
From: Mark Friedenbach @ 2017-12-21 16:29 UTC (permalink / raw)
To: Damian Williamson, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 3741 bytes --]
It doesn’t matter what it does under the hood. The api could be the same.
> On Dec 21, 2017, at 3:19 AM, Damian Williamson via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> In all seriousness, being able to sign a message is an important feature whether it is with Bitcoin Core or, with some other method. It is a good feature and it would be worthwhile IMHO to update it for SegWit addresses. I don't know about renewing it altogether, I like the current simplicity.
>
> Regards,
> Damian Williamson
>
> ------------------------------------
> Sometimes I like to sign a message just to verify that is what I have said.
> -
> Bitcoin: 1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg
> ------------------------------------
> Signature:
> HwJPqyWF0CbdsR7x737HbNIDoRufsrMI5XYQsKZ+MrWCJ6K7imtLY00sTCmSMDigZxRuoxyYZyQUw/lL0m/MV9M=
>
> (Of course, signed messages will verify better usually with plain text and not HTML interpreted email - need a switch for outlook.com to send plaintext.)
> From: bitcoin-dev-bounces@lists.linuxfoundation.org <bitcoin-dev-bounces@lists.linuxfoundation.org> on behalf of Mark Friedenbach via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
> Sent: Wednesday, 20 December 2017 8:58 AM
> To: Pavol Rusnak; Bitcoin Protocol Discussion
> Subject: Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
>
> For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things:
>
> (1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold.
>
> (2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and
>
> (3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins.
>
> There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script.
>
> Mark
>
> > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> >
> > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> >> I know there are posts, and an issue opened against it, but is there
> >> anyone writing a BIP for Sign / Verify message against a SegWit address?
> >
> > Dan, are you still planning to write this BIP?
> >
> > --
> > Best Regards / S pozdravom,
> >
> > Pavol "stick" Rusnak
> > CTO, SatoshiLabs
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
[-- Attachment #2: Type: text/html, Size: 6873 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
2017-12-19 21:58 ` Mark Friedenbach
2017-12-21 11:19 ` Damian Williamson
@ 2017-12-21 17:23 ` Jason Dreyzehner
1 sibling, 0 replies; 8+ messages in thread
From: Jason Dreyzehner @ 2017-12-21 17:23 UTC (permalink / raw)
To: Mark Friedenbach, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 2575 bytes --]
You might be interested in this proposal, which is very similar. The repo
contains a very basic implementation in typescript:
https://github.com/bitauth/bitauth2017/blob/master/bips/0-bitauth.mediawiki
https://github.com/bitauth/bitauth2017/
On Tue, Dec 19, 2017 at 4:59 PM Mark Friedenbach via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> For what it’s worth, I think it would be quite easy to do better than the
> implied solution of rejiggering the message signing system to support
> non-P2PKH scripts. Instead, have the signature be an actual bitcoin
> transaction with inputs that have the script being signed. Use the salted
> hash of the message being signed as the FORKID as if this were a spin-off
> with replay protection. This accomplishes three things:
>
> (1) This enables signing by any infrastructure out there — including
> hardware wallets and 2FA signing services — that have enabled support for
> FORKID signing, which is a wide swath of the ecosystem because of Bitcoin
> Cash and Bitcoin Gold.
>
> (2) It generalizes the message signing to allow multi-party signing setups
> as complicated (via sighash, etc.) as those bitcoin transactions allow,
> using existing and future tools based on Partially Signed Bitcoin
> Transactions; and
>
> (3) It unifies a single approach for message signing, proof of reserve
> (where the inputs are actual UTXOs), and off-chain colored coins.
>
> There’s the issue of size efficiency, but for the single-party message
> signing application that can be handled by a BIP that specifies a template
> for constructing the pseudo-transaction and its inputs from a raw script.
>
> Mark
>
> > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> >
> > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> >> I know there are posts, and an issue opened against it, but is there
> >> anyone writing a BIP for Sign / Verify message against a SegWit address?
> >
> > Dan, are you still planning to write this BIP?
> >
> > --
> > Best Regards / S pozdravom,
> >
> > Pavol "stick" Rusnak
> > CTO, SatoshiLabs
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
[-- Attachment #2: Type: text/html, Size: 3543 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
2017-12-19 21:36 ` Pavol Rusnak
2017-12-19 21:58 ` Mark Friedenbach
@ 2017-12-21 22:22 ` Dan Bryant
1 sibling, 0 replies; 8+ messages in thread
From: Dan Bryant @ 2017-12-21 22:22 UTC (permalink / raw)
To: Pavol Rusnak; +Cc: Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 562 bytes --]
legacy message sign verify BIP to get the ball rolling.
early draft:
https://github.com/brianddk/bips/blob/legacysignverify/bip-0xyz.mediawiki
On Tue, Dec 19, 2017 at 3:36 PM, Pavol Rusnak <stick@satoshilabs.com> wrote:
> On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> > I know there are posts, and an issue opened against it, but is there
> > anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> Dan, are you still planning to write this BIP?
>
> --
> Best Regards / S pozdravom,
>
> Pavol "stick" Rusnak
> CTO, SatoshiLabs
>
[-- Attachment #2: Type: text/html, Size: 1104 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-12-21 22:23 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-08 18:25 [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses Dan Bryant
2017-12-09 12:57 ` Sjors Provoost
2017-12-19 21:36 ` Pavol Rusnak
2017-12-19 21:58 ` Mark Friedenbach
2017-12-21 11:19 ` Damian Williamson
2017-12-21 16:29 ` Mark Friedenbach
2017-12-21 17:23 ` Jason Dreyzehner
2017-12-21 22:22 ` Dan Bryant
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox