* [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. @ 2017-12-08 18:25 Dan Bryant 2017-12-09 12:57 ` Sjors Provoost 2017-12-19 21:36 ` Pavol Rusnak 0 siblings, 2 replies; 8+ messages in thread From: Dan Bryant @ 2017-12-08 18:25 UTC (permalink / raw) To: bitcoin-dev [-- Attachment #1: Type: text/plain, Size: 334 bytes --] I know there are posts, and an issue opened against it, but is there anyone writing a BIP for Sign / Verify message against a SegWit address? I realize it is not a feature in wide use, but I think it still serves an important purpose, such as when proof of assets are requested. ref: https://github.com/bitcoin/bitcoin/issues/10542 [-- Attachment #2: Type: text/html, Size: 486 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. 2017-12-08 18:25 [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses Dan Bryant @ 2017-12-09 12:57 ` Sjors Provoost 2017-12-19 21:36 ` Pavol Rusnak 1 sibling, 0 replies; 8+ messages in thread From: Sjors Provoost @ 2017-12-09 12:57 UTC (permalink / raw) To: Bitcoin Protocol Discussion, DKBryant [-- Attachment #1.1: Type: text/plain, Size: 1700 bytes --] I would like to see this specifically for P2SH-PWPKH and/or native SegWit bech32 addresses. Use cases I can think of are "I'm the whale in charge of these funds, listen to me" and some form of polling. It's nice if funds aren't excluded from these type of functionalities just because they have a complicated redeem script. So something more generic like the Elements implementation / suggestion Greg Maxwell referred to in the Github thread would be nice too. Is it also useful or possible to sign a message proving you are able to redeem some arbitrary branch in a MAST-like tree of scripts? What about being a minority part of a multisig? All these features have privacy trade-offs, as well as perhaps security trade-offs, e.g. when you reveal a public key that was otherwise hidden behind a hash (i.e. if someone were to break secp256k1, they'd first organize a popular poll). There's no BIP for the current message signing mechanism either afaik. Sjors > Op 8 dec. 2017, om 19:25 heeft Dan Bryant via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> het volgende geschreven: > > I know there are posts, and an issue opened against it, but is there anyone writing a BIP for Sign / Verify message against a SegWit address? > > I realize it is not a feature in wide use, but I think it still serves an important purpose, such as when proof of assets are requested. > > ref: https://github.com/bitcoin/bitcoin/issues/10542 <https://github.com/bitcoin/bitcoin/issues/10542> > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev [-- Attachment #1.2: Type: text/html, Size: 2755 bytes --] [-- Attachment #2: Message signed with OpenPGP --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. 2017-12-08 18:25 [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses Dan Bryant 2017-12-09 12:57 ` Sjors Provoost @ 2017-12-19 21:36 ` Pavol Rusnak 2017-12-19 21:58 ` Mark Friedenbach 2017-12-21 22:22 ` Dan Bryant 1 sibling, 2 replies; 8+ messages in thread From: Pavol Rusnak @ 2017-12-19 21:36 UTC (permalink / raw) To: DKBryant, Bitcoin Protocol Discussion On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote: > I know there are posts, and an issue opened against it, but is there > anyone writing a BIP for Sign / Verify message against a SegWit address? Dan, are you still planning to write this BIP? -- Best Regards / S pozdravom, Pavol "stick" Rusnak CTO, SatoshiLabs ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. 2017-12-19 21:36 ` Pavol Rusnak @ 2017-12-19 21:58 ` Mark Friedenbach 2017-12-21 11:19 ` Damian Williamson 2017-12-21 17:23 ` Jason Dreyzehner 2017-12-21 22:22 ` Dan Bryant 1 sibling, 2 replies; 8+ messages in thread From: Mark Friedenbach @ 2017-12-19 21:58 UTC (permalink / raw) To: Pavol Rusnak, Bitcoin Protocol Discussion For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things: (1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold. (2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and (3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins. There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script. Mark > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote: >> I know there are posts, and an issue opened against it, but is there >> anyone writing a BIP for Sign / Verify message against a SegWit address? > > Dan, are you still planning to write this BIP? > > -- > Best Regards / S pozdravom, > > Pavol "stick" Rusnak > CTO, SatoshiLabs > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev ^ permalink raw reply [flat|nested] 8+ messages in thread
* [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. 2017-12-19 21:58 ` Mark Friedenbach @ 2017-12-21 11:19 ` Damian Williamson 2017-12-21 16:29 ` Mark Friedenbach 2017-12-21 17:23 ` Jason Dreyzehner 1 sibling, 1 reply; 8+ messages in thread From: Damian Williamson @ 2017-12-21 11:19 UTC (permalink / raw) To: Bitcoin Protocol Discussion [-- Attachment #1: Type: text/plain, Size: 3289 bytes --] In all seriousness, being able to sign a message is an important feature whether it is with Bitcoin Core or, with some other method. It is a good feature and it would be worthwhile IMHO to update it for SegWit addresses. I don't know about renewing it altogether, I like the current simplicity. Regards, Damian Williamson ------------------------------------ Sometimes I like to sign a message just to verify that is what I have said. - Bitcoin: 1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg ------------------------------------ Signature: HwJPqyWF0CbdsR7x737HbNIDoRufsrMI5XYQsKZ+MrWCJ6K7imtLY00sTCmSMDigZxRuoxyYZyQUw/lL0m/MV9M= (Of course, signed messages will verify better usually with plain text and not HTML interpreted email - need a switch for outlook.com to send plaintext.) ________________________________ From: bitcoin-dev-bounces@lists.linuxfoundation.org <bitcoin-dev-bounces@lists.linuxfoundation.org> on behalf of Mark Friedenbach via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> Sent: Wednesday, 20 December 2017 8:58 AM To: Pavol Rusnak; Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things: (1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold. (2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and (3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins. There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script. Mark > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote: >> I know there are posts, and an issue opened against it, but is there >> anyone writing a BIP for Sign / Verify message against a SegWit address? > > Dan, are you still planning to write this BIP? > > -- > Best Regards / S pozdravom, > > Pavol "stick" Rusnak > CTO, SatoshiLabs > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev [-- Attachment #2: Type: text/html, Size: 5757 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. 2017-12-21 11:19 ` Damian Williamson @ 2017-12-21 16:29 ` Mark Friedenbach 0 siblings, 0 replies; 8+ messages in thread From: Mark Friedenbach @ 2017-12-21 16:29 UTC (permalink / raw) To: Damian Williamson, Bitcoin Protocol Discussion [-- Attachment #1: Type: text/plain, Size: 3741 bytes --] It doesn’t matter what it does under the hood. The api could be the same. > On Dec 21, 2017, at 3:19 AM, Damian Williamson via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > > In all seriousness, being able to sign a message is an important feature whether it is with Bitcoin Core or, with some other method. It is a good feature and it would be worthwhile IMHO to update it for SegWit addresses. I don't know about renewing it altogether, I like the current simplicity. > > Regards, > Damian Williamson > > ------------------------------------ > Sometimes I like to sign a message just to verify that is what I have said. > - > Bitcoin: 1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg > ------------------------------------ > Signature: > HwJPqyWF0CbdsR7x737HbNIDoRufsrMI5XYQsKZ+MrWCJ6K7imtLY00sTCmSMDigZxRuoxyYZyQUw/lL0m/MV9M= > > (Of course, signed messages will verify better usually with plain text and not HTML interpreted email - need a switch for outlook.com to send plaintext.) > From: bitcoin-dev-bounces@lists.linuxfoundation.org <bitcoin-dev-bounces@lists.linuxfoundation.org> on behalf of Mark Friedenbach via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> > Sent: Wednesday, 20 December 2017 8:58 AM > To: Pavol Rusnak; Bitcoin Protocol Discussion > Subject: Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. > > For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things: > > (1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold. > > (2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and > > (3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins. > > There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script. > > Mark > > > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > > > > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote: > >> I know there are posts, and an issue opened against it, but is there > >> anyone writing a BIP for Sign / Verify message against a SegWit address? > > > > Dan, are you still planning to write this BIP? > > > > -- > > Best Regards / S pozdravom, > > > > Pavol "stick" Rusnak > > CTO, SatoshiLabs > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev [-- Attachment #2: Type: text/html, Size: 6873 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. 2017-12-19 21:58 ` Mark Friedenbach 2017-12-21 11:19 ` Damian Williamson @ 2017-12-21 17:23 ` Jason Dreyzehner 1 sibling, 0 replies; 8+ messages in thread From: Jason Dreyzehner @ 2017-12-21 17:23 UTC (permalink / raw) To: Mark Friedenbach, Bitcoin Protocol Discussion [-- Attachment #1: Type: text/plain, Size: 2575 bytes --] You might be interested in this proposal, which is very similar. The repo contains a very basic implementation in typescript: https://github.com/bitauth/bitauth2017/blob/master/bips/0-bitauth.mediawiki https://github.com/bitauth/bitauth2017/ On Tue, Dec 19, 2017 at 4:59 PM Mark Friedenbach via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > For what it’s worth, I think it would be quite easy to do better than the > implied solution of rejiggering the message signing system to support > non-P2PKH scripts. Instead, have the signature be an actual bitcoin > transaction with inputs that have the script being signed. Use the salted > hash of the message being signed as the FORKID as if this were a spin-off > with replay protection. This accomplishes three things: > > (1) This enables signing by any infrastructure out there — including > hardware wallets and 2FA signing services — that have enabled support for > FORKID signing, which is a wide swath of the ecosystem because of Bitcoin > Cash and Bitcoin Gold. > > (2) It generalizes the message signing to allow multi-party signing setups > as complicated (via sighash, etc.) as those bitcoin transactions allow, > using existing and future tools based on Partially Signed Bitcoin > Transactions; and > > (3) It unifies a single approach for message signing, proof of reserve > (where the inputs are actual UTXOs), and off-chain colored coins. > > There’s the issue of size efficiency, but for the single-party message > signing application that can be handled by a BIP that specifies a template > for constructing the pseudo-transaction and its inputs from a raw script. > > Mark > > > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > > > > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote: > >> I know there are posts, and an issue opened against it, but is there > >> anyone writing a BIP for Sign / Verify message against a SegWit address? > > > > Dan, are you still planning to write this BIP? > > > > -- > > Best Regards / S pozdravom, > > > > Pavol "stick" Rusnak > > CTO, SatoshiLabs > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > [-- Attachment #2: Type: text/html, Size: 3543 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses. 2017-12-19 21:36 ` Pavol Rusnak 2017-12-19 21:58 ` Mark Friedenbach @ 2017-12-21 22:22 ` Dan Bryant 1 sibling, 0 replies; 8+ messages in thread From: Dan Bryant @ 2017-12-21 22:22 UTC (permalink / raw) To: Pavol Rusnak; +Cc: Bitcoin Protocol Discussion [-- Attachment #1: Type: text/plain, Size: 562 bytes --] legacy message sign verify BIP to get the ball rolling. early draft: https://github.com/brianddk/bips/blob/legacysignverify/bip-0xyz.mediawiki On Tue, Dec 19, 2017 at 3:36 PM, Pavol Rusnak <stick@satoshilabs.com> wrote: > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote: > > I know there are posts, and an issue opened against it, but is there > > anyone writing a BIP for Sign / Verify message against a SegWit address? > > Dan, are you still planning to write this BIP? > > -- > Best Regards / S pozdravom, > > Pavol "stick" Rusnak > CTO, SatoshiLabs > [-- Attachment #2: Type: text/html, Size: 1104 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-12-21 22:23 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-12-08 18:25 [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses Dan Bryant 2017-12-09 12:57 ` Sjors Provoost 2017-12-19 21:36 ` Pavol Rusnak 2017-12-19 21:58 ` Mark Friedenbach 2017-12-21 11:19 ` Damian Williamson 2017-12-21 16:29 ` Mark Friedenbach 2017-12-21 17:23 ` Jason Dreyzehner 2017-12-21 22:22 ` Dan Bryant
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox