[bitcoin-dev] {sign|verify}message replacement

Damian Williamson willtech at live.com.au
Thu Mar 15 10:15:17 UTC 2018


That is very helpful Luke. I would not have been concerned if it was necessary to sign multiple times for multiple utxo's on different addresses but, since it is a feature it may as well be best usable. Signing for multiple inputs verifying that you have the priv key for each in your wallet is certainly usable for this popular misuse.


>Ideally, it should support not only just "proof I receive at this address",
but also "proof of funds" (as a separate feature) since this is a popular
misuse of the current message signing (which doesn't actually prove funds at
all). To do this, it needs to be capable of signing for multiple inputs.

________________________________
From: bitcoin-dev-bounces at lists.linuxfoundation.org <bitcoin-dev-bounces at lists.linuxfoundation.org> on behalf of Luke Dashjr via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
Sent: Wednesday, 14 March 2018 11:36:47 PM
To: Karl Johan Alm; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] {sign|verify}message replacement

I don't see a need for a new RPC interface, just a new signature format.

Ideally, it should support not only just "proof I receive at this address",
but also "proof of funds" (as a separate feature) since this is a popular
misuse of the current message signing (which doesn't actually prove funds at
all). To do this, it needs to be capable of signing for multiple inputs.

Preferably, it should also avoid disclosing the public key for existing or
future UTXOs. But I don't think it's possible to avoid this without something
MAST-like first. Perhaps it can be a MAST upgrade later on, but the new
signature scheme should probably be designed with it in mind.

Luke


On Wednesday 14 March 2018 8:09:20 AM Karl Johan Alm via bitcoin-dev wrote:
> Hello,
>
> I am considering writing a replacement for the message signing tools
> that are currently broken for all but the legacy 1xx addresses. The
> approach (suggested by Pieter Wuille) is to do a script based
> approach. This does not seem to require a lot of effort for
> implementing in Bitcoin Core*. Below is my proposal for this system:
>
> A new structure SignatureProof is added, which is a simple scriptSig &
> witnessProgram container that can be serialized. This is passed out
> from/into the signer/verifier.
>
> RPC commands:
>
> sign <address> <message> [<prehashed>=false]
>
> Generates a signature proof for <message> using the same method that
> would be used to spend coins sent to <address>.**
>
> verify <address> <message> <proof> [<prehashed>=false]
>
> Deserializes and executes the proof using a custom signature checker
> whose sighash is derived from <message>. Returns true if the check
> succeeds, and false otherwise. The scriptPubKey is derived directly
> from <address>.**
>
> Feedback welcome.
>
> -Kalle.
>
> (*) Looks like you can simply use VerifyScript with a new signature
> checker class. (h/t Nicolas Dorier)
> (**) If <prehashed> is true, <message> is the sighash, otherwise
> sighash=sha256d(message).
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev at lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180315/8fdff9f2/attachment.html>


More information about the bitcoin-dev mailing list