Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 004AAC9E for ; Tue, 23 Jul 2019 05:03:46 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-yw1-f54.google.com (mail-yw1-f54.google.com [209.85.161.54]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5929EF1 for ; Tue, 23 Jul 2019 05:03:45 +0000 (UTC) Received: by mail-yw1-f54.google.com with SMTP id x67so15244584ywd.3 for ; Mon, 22 Jul 2019 22:03:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitcoinbank.co.jp; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=fBG/Oai8uU2XBac+IHwA3huIOxfda1Bbbf0GuJ8dv8s=; b=cljbbrI8U1mGSG2rD0bxgNIuTxlNyx2nafnj55MOrTkgncyOaF+ezzj3q3uhkYtuJh tNqApxk/hzlWodgZHIOIYeeFwn70vb3YbPQL7DhxZyRV+yOYMMdYf3E0qC2SjzT5cYv9 bDZADy1q6XTSCfqvlDqd0alJgHST1Ny/ivu/oDCb3UvXrXC7OwMcowQdVBQzCrWDiq8J 5IL6n26T77GBSF6CCu8Sj+IrIGfh3P1Ob+3vJThDPLqROV5nmYVWSisEFD8Dt0wpmcsk WOfXYrD1M7OEf2PAgyKAan2TnrsyjohrZPpn4X8iNqLeR/lhd/DdX4ZKfj3L9hVT1wPJ T07g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=fBG/Oai8uU2XBac+IHwA3huIOxfda1Bbbf0GuJ8dv8s=; b=PZDWC/D8xuVXz0nozY4h4x61WHsbWjNMvLurFxztFMAbFiVOPr7ZBszRWKz+Ns4dnK 4DF3+EyghxapSNW8QSByUpCo+X5s+YS3Lq67tTni1C6YgEw3e5CmdgVd7OyhhsoFS258 Nn+GfLsf2SJGAyrSKq6iZ4BCRRKLGWKZcZQdry1GAeq3Yagta6z8UV9el2k1eLMIdxIM id3EEQ+KYxb3hKn985tYPqXuR8hg9x1ppIPCT6NLyx+GNwu0EMAY4UClKiQoYX6cTlbT HE98oRydDjOuQ5dx+fTTWshAj1QxtEiB0tOg1aez/Nf3bpd+VZOrseDuGcDrmy+Q57qn vrsQ== X-Gm-Message-State: APjAAAXY4ppZwieRWYj9l8bP1Y+7Zu4LqBEzIgkfIwjx7cQEoH4tc0Cs EZuXB8EH5ho6+XPMnm63zKRp36wnH2A80/NSOWWs1ZsMjA== X-Google-Smtp-Source: APXvYqwW7gBTawo6Yep7DxfCKDxLJB1/pY6wLfAFYDNoBZu0hG5K9m320tgSszEYIBO+P2OyYzoO2nhxWENj6TXVkvk= X-Received: by 2002:a81:5e44:: with SMTP id s65mr42134564ywb.441.1563858224101; Mon, 22 Jul 2019 22:03:44 -0700 (PDT) MIME-Version: 1.0 References: <20190627095031.4d5817b8@simplexum.com> <20190627122916.3b6c2c32@simplexum.com> <20190627181429.15dda570@simplexum.com> <20190627202932.1cb4d727@simplexum.com> <20190629024816.2193363e@simplexum.com> <20190629094512.558ce181@simplexum.com> In-Reply-To: From: Jonathan Underwood Date: Tue, 23 Jul 2019 14:03:32 +0900 Message-ID: To: Bitcoin development mailing list Content-Type: multipart/alternative; boundary="000000000000ed4b3a058e521da7" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 24 Jul 2019 11:36:19 +0000 Subject: Re: [bitcoin-dev] BIP174 extension proposal (Global Type: PSBT_GLOBAL_XPUB_SIGNATURE) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jul 2019 05:03:46 -0000 --000000000000ed4b3a058e521da7 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello All, I have made a pull request based on the discussion currently. Please move discussion there. https://github.com/bitcoin/bips/pull/801 Thanks, Jonathan 2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 17:11 Jonathan Underwood : > Even if the difference is apparent outside the signed data (in the > output). Signing the data explicitly is more secure. > > ie. if some sort of vulnerability / way to break this system for 1-of-1 > multisig is found, someone who signed a single sig xpub whitelist will no= t > be exposed. > > 2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 13:43 Dmitry Petukhov : > >> =D0=92 Sat, 29 Jun 2019 09:19:41 +0900 >> Jonathan Underwood =D0=BF=D0=B8=D1=88=D0= =B5=D1=82: >> >> > > Other note: you have 'unused' value of 1 for `m` in your scheme, why >> > > not require m=3D1 for single-sig case, and use 0 as indicator that >> > > there are a serlal number following it? >> > > >> > >> > 0x00 is single sig, aka, OP_CHECKSIG >> > >> > 0x01 is multisig, aka, 1-of-3, 1-of-2 OP_CHECKMULTISIG >> >> This informatin is available in per-output redeem/witness script, >> signer will be able to distinguish between multisig/single-sig by >> looking at this script. I think it only need to know the total number >> of keys participating in the signing, and check that this number >> matches the particulars of redeem/witness script. >> > > --=20 ----------------- Jonathan Underwood =E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE =E3=83=81= =E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3= =82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC ----------------- =E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=E3= =83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=81= =AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=94= =E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82 =E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3 --000000000000ed4b3a058e521da7 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello All,

I have made a pull request b= ased on the discussion currently. Please move discussion there.

https://github.com/bitcoin= /bips/pull/801

Thanks,
Jonathan<= /div>

2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 17:11 Jonathan Underwood= <junderwood@bitcoinbank= .co.jp>:
=
Even if the difference is apparent outside the signed= data (in the output). Signing the data explicitly is more secure.

i= e. if some sort of vulnerability / way to break this system for 1-of-1 mult= isig is found, someone who signed a single sig xpub whitelist will not be e= xposed.

2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 13:43 Dmitry Petukhov = <dp@simplexum.com<= /a>>:
=D0=92 = Sat, 29 Jun 2019 09:19:41 +0900
Jonathan Underwood <
junderwood@bitcoinbank.co.jp> =D0=BF=D0=B8=D1=88=D0=B5= =D1=82:

> > Other note: you have 'unused' value of 1 for `m` in your = scheme, why
> > not require m=3D1 for single-sig case, and use 0 as indicator tha= t
> > there are a serlal number following it?
> >=C2=A0
>
> 0x00 is single sig, aka, OP_CHECKSIG
>
> 0x01 is multisig, aka, 1-of-3, 1-of-2 OP_CHECKMULTISIG

This informatin is available in per-output redeem/witness script,
signer will be able to distinguish between multisig/single-sig by
looking at this script. I think it only need to know the total number
of keys participating in the signing, and check that this number
matches the particulars of redeem/witness script.



--
-----------------
Jonathan Underwood
= =E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE=E3=80=80=E3= =83=81=E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83= =B3=E3=82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC
----------------= -

=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3= =83=A1=E3=83=83=E3=82=BB=E3=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82= =8A=E3=81=AE=E6=96=B9=E3=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B= =E9=8D=B5=E3=82=92=E3=81=94=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3= =80=82

=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3= FDAD998682F3590FEA3
--000000000000ed4b3a058e521da7--