1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
|
Return-Path: <gsanders87@gmail.com>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 98F70C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Jul 2022 21:51:06 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id 6850761109
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Jul 2022 21:51:06 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 6850761109
Authentication-Results: smtp3.osuosl.org;
dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
header.a=rsa-sha256 header.s=20210112 header.b=iGPFNwsk
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.349
X-Spam-Level:
X-Spam-Status: No, score=-1.349 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, PDS_BTC_ID=0.499, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Fi763Q7sWl0N
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Jul 2022 21:51:05 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 1C30160B4E
Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com
[IPv6:2607:f8b0:4864:20::1029])
by smtp3.osuosl.org (Postfix) with ESMTPS id 1C30160B4E
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Jul 2022 21:51:05 +0000 (UTC)
Received: by mail-pj1-x1029.google.com with SMTP id gq7so2787517pjb.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 20 Jul 2022 14:51:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=oNrmBjh3+ExIS3Qq7UzwDDHzBLnFWHH/gILRqqqp4sM=;
b=iGPFNwsk7sCUyNeczR10nntzMPq+QDc6S2fSu9Awo1v0GW/70Sfi0dXi7Mgg/VgoSZ
0eKnF1Pjau35xZiH2aC7MypY2tpoMQPqV2k/nbY39jYPhN/ntb3XxTqmMaqePo+7TG1j
6hheZa6r1mqS5iLWJ2e24YD/CB3q2FD1naM7kdpA7n7cQbs0NiO7IEJ6EVXgETJWVlRB
TJf/OeKwMfREpMQvsTTnLvcketrQRPDZhfEFo3/TVSlCVQmdQ8SWqEkwij9x+k+s++Fw
zw5B1Xv7yO20d5dEmr6TDc0HmoTMnPU0D8oFpEjtwjvVqA3whFuNg9P4UZRW6CFC+ZlH
BOPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=oNrmBjh3+ExIS3Qq7UzwDDHzBLnFWHH/gILRqqqp4sM=;
b=OfMimp4+4dZhlyX3eW2gMpTPW6QOCtaVwuVUHQgA1w5whW/vAI77p7Nc/R1l8kWk0B
D737kTxiSC4iiJGV4ZK20s9vXzGUZxTWJX6kubLeQFNjCqpVKkniCG+wj23R3SVgd9o5
7981f5bSQqfw9nMu1SPqQpZXselOzxthHWMZAQFLYzpD+lrkWqIzzn6xCefbUsWqzQSZ
YExIoTNgNZin3zpzKvPH17k3JhKSS5Ac3llJ9H3EE+RyoXYftn/A3myHIY/af0z+hyIH
YX7X+xWBgeI+5g35cv767BP90PRldvgLtmvzkgFunugDsS1eQK4BaXI27oYYqJym11Hd
e9aQ==
X-Gm-Message-State: AJIora8xtpMP6YjjkLl0eBk4inojUxy3pKVOdWE0RD+pFciMSUJbpJra
iTws+UNOMfeJbgSPZ1txAw6cll5ncFkNUaoTGr8=
X-Google-Smtp-Source: AGRyM1tiaxrHxtEyW6wC3bDph6aVpZYFDFxB8Hyl9i2y7778OVHRLuN+MWaMym0An5E7zHGlou0h6fTv5M1HzrImw54=
X-Received: by 2002:a17:903:2ce:b0:16c:f66b:50fa with SMTP id
s14-20020a17090302ce00b0016cf66b50famr16178545plk.109.1658353864215; Wed, 20
Jul 2022 14:51:04 -0700 (PDT)
MIME-Version: 1.0
References: <7QoRGux2ow375UP6-XXIF6kI_0tbt-RxKrXiyuDBWVWh6Shjia-ShKy_or5FK9u46KkPAvK2biaSe_x8fMWP0Q==@protonmail.internalid>
<mailman.84940.1658205911.8511.bitcoin-dev@lists.linuxfoundation.org>
<20220719104725.ppic7jy4ghfieeap@artanis>
<oe8IgklW6ypj4lPpkHumHi-Y79x0ZQqzxzPVYrRadh3oz0130kKr7Q2TwGp8_wqpvif-B1stIifA_0kOmO3BOZvQMDXisSsLEN17js1z0lY=@notatether.com>
<YtgDqWSIbX8EJc3B@coinkite.com>
In-Reply-To: <YtgDqWSIbX8EJc3B@coinkite.com>
From: Greg Sanders <gsanders87@gmail.com>
Date: Wed, 20 Jul 2022 17:50:53 -0400
Message-ID: <CAB3F3Du0OXcUvi6h8v0VZEj4cG24DJs04Vho8sM4Frhdhj5DrA@mail.gmail.com>
To: Peter <peter@coinkite.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000fd142e05e44398de"
Cc: Ali Sherief <ali@notatether.com>
Subject: Re: [bitcoin-dev] Trying all address types in message signing
verification (BIP)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2022 21:51:06 -0000
--000000000000fd142e05e44398de
Content-Type: text/plain; charset="UTF-8"
Please see BIP322
https://github.com/bitcoin/bips/blob/master/bip-0322.mediawiki
On Wed, Jul 20, 2022, 5:46 PM Peter (Coinkite Inc) via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi Ali.
>
> > This BIP does not replace, supersede, or obsolete BIPs 173 or 322. My
> proposal is simply going to standardize the practice of placing the segwit
> address into the address field, and does not require alterations to the
> message signing format like those BIPs.
>
> COLDCARD makes signatures exacly like that, when told to sign with a
> segwit address:
>
> % ckcc msg -s Hello
> Hello
> bc1qzeacswvlulg0jngad9gmtkvdp9lwum42wwzdu5
>
> HxuuWQwjw0417fLV9L0kWbt7w9XOIWKhHMhjXhyXTczcSozGTXM4knqdISiYbbmqSRXqI5mNTWH9qkDoqZTpnPc=
>
> Unfortunately, I do not know of any "verifiers" that will accept the above
> signature, but there is no alternative since the various BIP-322 proposals
> never gained wide acceptance.
>
> Bitcoin Core does not support verifying that message, even though the UX
> makes it look possible. In effect segwit features never got implemented to
> that depth in Core. It's sad because the community is not maintaining core
> (Core?) features to the same depth as Satoshi did when he was active in the
> project.
>
> > PS. I am pretty sure that there is a BIP for the original signing method
> - what is its number?
>
> My understanding that the original approach was directly from Satoshi
> himself when the original client was written. It has never been codified in
> a BIP as far as I know.
>
> A related issue the the "ascii armor" that is sometimes used. It's a
> little like RFC2440 <https://www.ietf.org/rfc/rfc2440.txt> but
> newline-treatment isn't defined well enough for good interoperability, in
> my personal experience.
>
> So in summary... yes a "defacto" BIP is needed and useful to do, in my
> opinion. Then Core should be updated to support it as well.
>
> ---
> @DocHEX || Coinkite || PGP: A3A31BAD 5A2A5B10
>
>
> On Wed, Jul 20, 2022 at 04:10:09AM +0000, Ali Sherief wrote:
> > [my third attempt at getting this message through. Surprisingly, I
> managed to send this at the second try with the correct SMTP, From, To and
> all, but maybe it was caught in GreyListing (protonmail).]
> >
> > I was thinking about creating a BIP to address the lack of
> standardization for Segwit message signatures, but I want some advice
> before proceeding.
> >
> > The current state of affairs is that the wallets that do support signing
> and verifying a bitcoin message can only sign legacy addresses. It is
> technically possible to sign and verify segwit addresses, since ECDSA only
> depends on the public key (hence why you need a private key to sign
> messages).
> >
> > However, because there is no generally-accepted standard for signing
> segwit messages, the wallets that do support this feature simply insert the
> segwit address into the address field. Verification also only works using
> the procedure on that specific wallet software, if only because the
> conventional tools for verifying messages attempt to reconstruct a legacy
> address only.
> >
> > This BIP is not going to enforce anything, it's just going to set
> guidelines for writing a message signing and verification procedure.
> >
> > This BIP does not replace, supersede, or obsolete BIPs 173 or 322. My
> proposal is simply going to standardize the practice of placing the segwit
> address into the address field, and does not require alterations to the
> message signing format like those BIPs.
> >
> > In summary, in the verification part, the following address hashing
> algorithms will be tried in sequence in an attempt to reconstruct the
> address in the signed message:
> > - P2PKH (legacy address)
> > - P2WPKH-P2SH (nested segwit)
> > - P2WPKH with version from 0 to MAX_WITNESS_VERSION (covers native
> segwit with version 0 as well as future native segwit address types such as
> Taproot) - where MAX_WITNESS_VERSION is the maximum supported witness
> version by the bech32 encoding.
> >
> > The verification procedure stops if any of these hashes yield the
> correct address, and fails if all of the above methods fail to reproduce
> the address in the signed message.
> >
> > In the signing procedure, the only modification is the insertion of the
> segwit address in place of the legacy address in the signed message.
> >
> > If this BIP is approved, it does not require any changes to existing
> signed messages, and the original sign/verify algorithms will continue to
> interoperate with this improved sign/verify algorithm, without any action
> necessary from the developers.
> >
> > So as you can see, this is the entire framework of the BIP I plan to
> draft. There is no need for any auxilliary feature additions into this BIP.
> I just want to hear the mailing list's advice about how I should draft such
> a BIP.
> >
> > - Ali
> >
> > PS. I am pretty sure that there is a BIP for the original signing method
> - what is its number?
> >
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--000000000000fd142e05e44398de
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">Please see BIP322=C2=A0<a href=3D"https://github.com/bitc=
oin/bips/blob/master/bip-0322.mediawiki">https://github.com/bitcoin/bips/bl=
ob/master/bip-0322.mediawiki</a></div><br><div class=3D"gmail_quote"><div d=
ir=3D"ltr" class=3D"gmail_attr">On Wed, Jul 20, 2022, 5:46 PM Peter (Coinki=
te Inc) via bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfounda=
tion.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></div><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #=
ccc solid;padding-left:1ex">Hi Ali.<br>
<br>
> This BIP does not replace, supersede, or obsolete BIPs 173 or 322. My =
proposal is simply going to standardize the practice of placing the segwit =
address into the address field, and does not require alterations to the mes=
sage signing format like those BIPs.<br>
<br>
COLDCARD makes signatures exacly like that, when told to sign with a segwit=
address:<br>
<br>
=C2=A0 =C2=A0 % ckcc msg -s Hello<br>
=C2=A0 =C2=A0 Hello=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<br>
=C2=A0 =C2=A0 bc1qzeacswvlulg0jngad9gmtkvdp9lwum42wwzdu5<br>
=C2=A0 =C2=A0 HxuuWQwjw0417fLV9L0kWbt7w9XOIWKhHMhjXhyXTczcSozGTXM4knqdISiYb=
bmqSRXqI5mNTWH9qkDoqZTpnPc=3D<br>
<br>
Unfortunately, I do not know of any "verifiers" that will accept =
the above signature, but there is no alternative since the various BIP-322 =
proposals never gained wide acceptance.<br>
<br>
Bitcoin Core does not support verifying that message, even though the UX ma=
kes it look possible. In effect segwit features never got implemented to th=
at depth in Core. It's sad because the community is not maintaining cor=
e (Core?) features to the same depth as Satoshi did when he was active in t=
he project.<br>
<br>
> PS. I am pretty sure that there is a BIP for the original signing meth=
od - what is its number?<br>
<br>
My understanding that the original approach was directly from Satoshi himse=
lf when the original client was written. It has never been codified in a BI=
P as far as I know.<br>
<br>
A related issue the the "ascii armor" that is sometimes used. It&=
#39;s a little like RFC2440 <<a href=3D"https://www.ietf.org/rfc/rfc2440=
.txt" rel=3D"noreferrer noreferrer" target=3D"_blank">https://www.ietf.org/=
rfc/rfc2440.txt</a>> but newline-treatment isn't defined well enough=
for good interoperability, in my personal experience.<br>
<br>
So in summary... yes a "defacto" BIP is needed and useful to do, =
in my opinion. Then Core should be updated to support it as well.<br>
<br>
---<br>
@DocHEX=C2=A0 ||=C2=A0 Coinkite=C2=A0 ||=C2=A0 PGP: A3A31BAD 5A2A5B10<br>
<br>
<br>
On Wed, Jul 20, 2022 at 04:10:09AM +0000, Ali Sherief wrote:<br>
> [my third attempt at getting this message through. Surprisingly, I man=
aged to send this at the second try with the correct SMTP, From, To and all=
, but maybe it was caught in GreyListing (protonmail).]<br>
> <br>
> I was thinking about creating a BIP to address the lack of standardiza=
tion for Segwit message signatures, but I want some advice before proceedin=
g.<br>
> <br>
> The current state of affairs is that the wallets that do support signi=
ng and verifying a bitcoin message can only sign legacy addresses. It is te=
chnically possible to sign and verify segwit addresses, since ECDSA only de=
pends on the public key (hence why you need a private key to sign messages)=
.<br>
> <br>
> However, because there is no generally-accepted standard for signing s=
egwit messages, the wallets that do support this feature simply insert the =
segwit address into the address field. Verification also only works using t=
he procedure on that specific wallet software, if only because the conventi=
onal tools for verifying messages attempt to reconstruct a legacy address o=
nly.<br>
> <br>
> This BIP is not going to enforce anything, it's just going to set =
guidelines for writing a message signing and verification procedure.<br>
> <br>
> This BIP does not replace, supersede, or obsolete BIPs 173 or 322. My =
proposal is simply going to standardize the practice of placing the segwit =
address into the address field, and does not require alterations to the mes=
sage signing format like those BIPs.<br>
> <br>
> In summary, in the verification part, the following address hashing al=
gorithms will be tried in sequence in an attempt to reconstruct the address=
in the signed message:<br>
> - P2PKH (legacy address)<br>
> - P2WPKH-P2SH (nested segwit)<br>
> - P2WPKH with version from 0 to MAX_WITNESS_VERSION (covers native seg=
wit with version 0 as well as future native segwit address types such as Ta=
proot) - where MAX_WITNESS_VERSION is the maximum supported witness version=
by the bech32 encoding.<br>
> <br>
> The verification procedure stops if any of these hashes yield the corr=
ect address, and fails if all of the above methods fail to reproduce the ad=
dress in the signed message.<br>
> <br>
> In the signing procedure, the only modification is the insertion of th=
e segwit address in place of the legacy address in the signed message.<br>
> <br>
> If this BIP is approved, it does not require any changes to existing s=
igned messages, and the original sign/verify algorithms will continue to in=
teroperate with this improved sign/verify algorithm, without any action nec=
essary from the developers.<br>
> <br>
> So as you can see, this is the entire framework of the BIP I plan to d=
raft. There is no need for any auxilliary feature additions into this BIP. =
I just want to hear the mailing list's advice about how I should draft =
such a BIP.<br>
> <br>
> - Ali<br>
> <br>
> PS. I am pretty sure that there is a BIP for the original signing meth=
od - what is its number?<br>
> <br>
<br>
<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank" =
rel=3D"noreferrer">bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer noreferrer" target=3D"_blank">https://lists.linuxfoundati=
on.org/mailman/listinfo/bitcoin-dev</a><br>
</blockquote></div>
--000000000000fd142e05e44398de--
|
