Hello All,

I have made a pull request based on the discussion currently. Please move discussion there.

https://github.com/bitcoin/bips/pull/801

Thanks,
Jonathan

2019年6月29日(土) 17:11 Jonathan Underwood <junderwood@bitcoinbank.co.jp>:
Even if the difference is apparent outside the signed data (in the output). Signing the data explicitly is more secure.

ie. if some sort of vulnerability / way to break this system for 1-of-1 multisig is found, someone who signed a single sig xpub whitelist will not be exposed.

2019年6月29日(土) 13:43 Dmitry Petukhov <dp@simplexum.com>:
В Sat, 29 Jun 2019 09:19:41 +0900
Jonathan Underwood <junderwood@bitcoinbank.co.jp> пишет:

> > Other note: you have 'unused' value of 1 for `m` in your scheme, why
> > not require m=1 for single-sig case, and use 0 as indicator that
> > there are a serlal number following it?
> > 
>
> 0x00 is single sig, aka, OP_CHECKSIG
>
> 0x01 is multisig, aka, 1-of-3, 1-of-2 OP_CHECKMULTISIG

This informatin is available in per-output redeem/witness script,
signer will be able to distinguish between multisig/single-sig by
looking at this script. I think it only need to know the total number
of keys participating in the signing, and check that this number
matches the particulars of redeem/witness script.



--
-----------------
Jonathan Underwood
ビットバンク社 チーフビットコインオフィサー
-----------------

暗号化したメッセージをお送りの方は下記の公開鍵をご利用下さい。

指紋: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3