Return-Path: <hoenicke@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 85FD58A1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 21 Aug 2017 21:36:28 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr0-f171.google.com (mail-wr0-f171.google.com
	[209.85.128.171])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3601D3D5
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 21 Aug 2017 21:36:28 +0000 (UTC)
Received: by mail-wr0-f171.google.com with SMTP id p14so40948144wrg.1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 21 Aug 2017 14:36:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=subject:to:references:from:message-id:date:user-agent:mime-version
	:in-reply-to:content-language:content-transfer-encoding;
	bh=B8nSr5yH47J58Idhm2Vq96BX/cYgBchBWCLbgaz5i60=;
	b=p4tviGs+Jnrga2YsutRZGWNtUR+GawXfF9TZMePqWHXjWKRiIxJ27Ub7nYXncN+Xaq
	av8SwxSlH2rOjHtYaPl8aRxL8qYvAq1tdRNvzp2bFpMAqRmjU/D1QHLbuABnSBdw1q4U
	gurp/GKX4CjhaCZR4nAD4a6G4rXL9gIWAYLaw3hbQttdaSN0qEZxHDWkIAOJ0a02sbGW
	GM2rn5VmQiA7sVV4PRuQrCGIyGKaC6yrcHEtHJJtvT1qUSsXc5kj8BEDWt0QFmVkGvBg
	tCd14/hU1gjanOvSCA8HCR6CDJ/NC4E+H2pYlCQw5afmH9eeiOfZw0kD1wH4IdL7EdvO
	mKPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:subject:to:references:from:message-id:date
	:user-agent:mime-version:in-reply-to:content-language
	:content-transfer-encoding;
	bh=B8nSr5yH47J58Idhm2Vq96BX/cYgBchBWCLbgaz5i60=;
	b=ZXmAy/ZoXNQUSMsJtKOJaIzj8MUuZRZXivBgBhWw57TerhVxoVlJx3PA0uPrk6VXHk
	5mXPHQYc8fWA1PYWmrMfmF7xUvduE13MOyxWgQtpm7qJJ2jngG/YBVjfd5MgLXcborzI
	pfiEut4qLVMjvHRmXQR+8MBzd4x50bEX9/qmEpZ9bxLAngBb37ikZCAHyurH6DBuRpbV
	e66VtHIpOsis15rCh0+vglKoyaotVXNup1G0hvPG/1cQB9tukYiqgC4HarWjJHHYIEZg
	HdkImDMdRfjGRm5g0Gpf+oG/L6jEz/m3Q+T8vUcLM0xym21f3Mrv67jKtS4DvyWACDlI
	ZKzg==
X-Gm-Message-State: AHYfb5j/B1JiDr5B1XubXp8UQYqrt64YeZCuicXE+X6pyLcbelXhMUlS
	R23Al58LhCdCwA7KYRo=
X-Received: by 10.223.146.228 with SMTP id 91mr7153014wrn.15.1503351386614;
	Mon, 21 Aug 2017 14:36:26 -0700 (PDT)
Received: from [192.168.179.103]
	(HSI-KBW-109-192-185-113.hsi6.kabel-badenwuerttemberg.de.
	[109.192.185.113]) by smtp.googlemail.com with ESMTPSA id
	j81sm782995wmd.21.2017.08.21.14.36.25
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 21 Aug 2017 14:36:25 -0700 (PDT)
To: Greg Sanders <gsanders87@gmail.com>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
References: <CAP6ruDR0GrLRNb4TTub+wqpwVPyzHggbomV48kLZU3tvubH73Q@mail.gmail.com>
	<CABaSBaxjGLmiM0+zTk2PoGTt1zEao-k0ADLkT47vx+mcnPACJw@mail.gmail.com>
	<CAB3F3Dv1kuJdu8veNUHa4b58TvWy=BT6zfxdhqEPBQ8rjDfWtA@mail.gmail.com>
From: Jochen Hoenicke <hoenicke@gmail.com>
Message-ID: <5f67d70d-a432-7826-22df-4207580aa1d2@gmail.com>
Date: Mon, 21 Aug 2017 23:36:24 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
	Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CAB3F3Dv1kuJdu8veNUHa4b58TvWy=BT6zfxdhqEPBQ8rjDfWtA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [bitcoin-dev] [BIP Proposal] Partially Signed Bitcoin
 Transaction (PSBT) format
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Aug 2017 21:36:28 -0000

On 21.08.2017 20:12, Greg Sanders via bitcoin-dev wrote:
> To fix this I consulted with andytoshi and got something we think works
> for both cases:
> 
> 1) When a signing device receives a partially signed transaction, all
> inputs must come with an ownership proof:
> - For the input at address A, a signature over H(A || x) using the key
> for A. 'x' is some private fixed key that only the signing device
> knows (most likely some privkey along some unique bip32 path).
> - For each input ownership proof, the HW wallet validates each signature
> over the hashed message, then attempts to "decode" the hash by applying
> its own 'x'. If the hash doesn't match, it cannot be its own input.
> - Sign for every input that is yours

Interesting, basically a proof of non-ownership :), a proof that the
hardware wallet doesn't own the address.

But shouldn't x be public, so that the device can verify the signature?
Can you expand on this, what is exactly signed with which key and how is
it checked?

One also has to make sure that it's not possible to reuse signatures as
ownership proof that were made for a different purpose.

  Jochen
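As an added example (not code from Greg's proposal, Jochen's reply, or any PSBT implementation), the following Python walks through the ownership-proof flow the quoted message sketches, with two signing devices co-signing a three-input transaction. It assumes that the hash H(A || x) travels alongside the signature, which is what lets another device check the signature with only the public key A while x stays private; the device then recomputes H(A || x') with its own x' and compares. The Schnorr group, the seeds, the key derivation and the `PROOF_TAG` domain-separation prefix are all constructed here and are not part of the proposal; the tag is one way to address the signature-reuse concern raised above, since a signature over a bare digest made for another purpose will not verify as a proof.

```python
import hashlib
import hmac
import secrets

# ---- Toy Schnorr signatures over a ~63-bit safe-prime group ----------------
# Constructed for illustration: far too small to be secure, but it behaves
# like a real signature scheme, which is all the protocol walk-through needs.

def _is_prime(n):
    """Deterministic Miller-Rabin, valid for n < 2**64."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(start):
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _safe_prime(1 << 62)   # p = 2q + 1, found deterministically
G = 4                         # 4 = 2^2 generates the order-q subgroup of Z_p*

def _h_int(*parts):
    """SHA-256 over the concatenated parts, reduced into the exponent group."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part if isinstance(part, bytes) else part.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % Q

def keypair(secret):
    sk = int.from_bytes(hashlib.sha256(secret).digest(), "big") % (Q - 1) + 1
    return sk, pow(G, sk, P)

def sign(sk, msg):
    k = secrets.randbelow(Q - 1) + 1
    e = _h_int(pow(G, k, P), msg)
    return e, (k + e * sk) % Q

def verify(pk, msg, sig):
    e, s = sig
    r = pow(G, s, P) * pow(pk, Q - e, P) % P   # g^s * pk^-e recovers g^k
    return _h_int(r, msg) == e

# ---- Ownership proofs as sketched in the thread ----------------------------
PROOF_TAG = b"ownership-proof/"   # assumed domain-separation tag, not in the thread

def address_of(pk):
    return pk.to_bytes(32, "big")   # stand-in for a real address/script encoding

def proof_is_valid(addr, pk, h, sig):
    """The signature check needs only the public key A; x is never needed here."""
    return address_of(pk) == addr and verify(pk, PROOF_TAG + h, sig)

class SigningDevice:
    def __init__(self, seed, n_keys=2):
        # 'x': a secret only this device knows (the thread suggests a private
        # key on a unique BIP32 path; here it is simply derived from the seed).
        self.x = hashlib.sha256(b"x-path" + seed).digest()
        self.keys = {}                      # address -> (sk, pk)
        for i in range(n_keys):
            sk, pk = keypair(seed + bytes([i]))
            self.keys[address_of(pk)] = (sk, pk)

    def ownership_hash(self, addr):
        return hashlib.sha256(addr + self.x).digest()   # H(A || x)

    def make_proof(self, addr):
        """Proof for an input we own: (A, pk, H(A||x), Sig_A(TAG || H(A||x)))."""
        sk, pk = self.keys[addr]
        h = self.ownership_hash(addr)
        return addr, pk, h, sign(sk, PROOF_TAG + h)

    def classify(self, proofs):
        """Indices of the inputs this device owns; every proof must verify first."""
        owned = []
        for idx, (addr, pk, h, sig) in enumerate(proofs):
            if not proof_is_valid(addr, pk, h, sig):
                raise ValueError(f"input {idx}: ownership proof does not verify")
            if hmac.compare_digest(h, self.ownership_hash(addr)):  # "decode" with our x
                owned.append(idx)
        return owned

def tamper(proofs, idx):
    """Copy of proofs with proof idx's hash altered (a forged or mismatched proof)."""
    addr, pk, h, sig = proofs[idx]
    out = list(proofs)
    out[idx] = (addr, pk, bytes(b ^ 0xFF for b in h), sig)
    return out

def build_demo():
    """Two devices co-sign a 3-input transaction: inputs 0 and 2 are Alice's, 1 is Bob's."""
    alice, bob = SigningDevice(b"alice-seed"), SigningDevice(b"bob-seed")  # constructed seeds
    a0, a1 = alice.keys
    b0 = next(iter(bob.keys))
    proofs = [alice.make_proof(a0), bob.make_proof(b0), alice.make_proof(a1)]
    return alice, bob, proofs

if __name__ == "__main__":
    alice, bob, proofs = build_demo()
    print("Alice owns inputs", alice.classify(proofs))   # [0, 2]
    print("Bob owns inputs", bob.classify(proofs))       # [1]
```

Each device signs only the inputs `classify` returns; a proof whose signature fails is rejected outright rather than silently treated as "not mine", so a tampered or mismatched proof stops the signing session instead of letting an input be skipped.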