Return-Path: <hoenicke@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 85FD58A1
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 21 Aug 2017 21:36:28 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr0-f171.google.com (mail-wr0-f171.google.com
[209.85.128.171])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3601D3D5
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 21 Aug 2017 21:36:28 +0000 (UTC)
Received: by mail-wr0-f171.google.com with SMTP id p14so40948144wrg.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 21 Aug 2017 14:36:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=subject:to:references:from:message-id:date:user-agent:mime-version
:in-reply-to:content-language:content-transfer-encoding;
bh=B8nSr5yH47J58Idhm2Vq96BX/cYgBchBWCLbgaz5i60=;
b=p4tviGs+Jnrga2YsutRZGWNtUR+GawXfF9TZMePqWHXjWKRiIxJ27Ub7nYXncN+Xaq
av8SwxSlH2rOjHtYaPl8aRxL8qYvAq1tdRNvzp2bFpMAqRmjU/D1QHLbuABnSBdw1q4U
gurp/GKX4CjhaCZR4nAD4a6G4rXL9gIWAYLaw3hbQttdaSN0qEZxHDWkIAOJ0a02sbGW
GM2rn5VmQiA7sVV4PRuQrCGIyGKaC6yrcHEtHJJtvT1qUSsXc5kj8BEDWt0QFmVkGvBg
tCd14/hU1gjanOvSCA8HCR6CDJ/NC4E+H2pYlCQw5afmH9eeiOfZw0kD1wH4IdL7EdvO
mKPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:subject:to:references:from:message-id:date
:user-agent:mime-version:in-reply-to:content-language
:content-transfer-encoding;
bh=B8nSr5yH47J58Idhm2Vq96BX/cYgBchBWCLbgaz5i60=;
b=ZXmAy/ZoXNQUSMsJtKOJaIzj8MUuZRZXivBgBhWw57TerhVxoVlJx3PA0uPrk6VXHk
5mXPHQYc8fWA1PYWmrMfmF7xUvduE13MOyxWgQtpm7qJJ2jngG/YBVjfd5MgLXcborzI
pfiEut4qLVMjvHRmXQR+8MBzd4x50bEX9/qmEpZ9bxLAngBb37ikZCAHyurH6DBuRpbV
e66VtHIpOsis15rCh0+vglKoyaotVXNup1G0hvPG/1cQB9tukYiqgC4HarWjJHHYIEZg
HdkImDMdRfjGRm5g0Gpf+oG/L6jEz/m3Q+T8vUcLM0xym21f3Mrv67jKtS4DvyWACDlI
ZKzg==
X-Gm-Message-State: AHYfb5j/B1JiDr5B1XubXp8UQYqrt64YeZCuicXE+X6pyLcbelXhMUlS
R23Al58LhCdCwA7KYRo=
X-Received: by 10.223.146.228 with SMTP id 91mr7153014wrn.15.1503351386614;
Mon, 21 Aug 2017 14:36:26 -0700 (PDT)
Received: from [192.168.179.103]
(HSI-KBW-109-192-185-113.hsi6.kabel-badenwuerttemberg.de.
[109.192.185.113]) by smtp.googlemail.com with ESMTPSA id
j81sm782995wmd.21.2017.08.21.14.36.25
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 21 Aug 2017 14:36:25 -0700 (PDT)
To: Greg Sanders <gsanders87@gmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
References: <CAP6ruDR0GrLRNb4TTub+wqpwVPyzHggbomV48kLZU3tvubH73Q@mail.gmail.com>
<CABaSBaxjGLmiM0+zTk2PoGTt1zEao-k0ADLkT47vx+mcnPACJw@mail.gmail.com>
<CAB3F3Dv1kuJdu8veNUHa4b58TvWy=BT6zfxdhqEPBQ8rjDfWtA@mail.gmail.com>
From: Jochen Hoenicke <hoenicke@gmail.com>
Message-ID: <5f67d70d-a432-7826-22df-4207580aa1d2@gmail.com>
Date: Mon, 21 Aug 2017 23:36:24 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CAB3F3Dv1kuJdu8veNUHa4b58TvWy=BT6zfxdhqEPBQ8rjDfWtA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [bitcoin-dev] [BIP Proposal] Partially Signed Bitcoin
Transaction (PSBT) format
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Aug 2017 21:36:28 -0000

On 21.08.2017 20:12, Greg Sanders via bitcoin-dev wrote:
> To fix this I consulted with andytoshi and got something we think works
> for both cases:
>
> 1) When a signing device receives a partially signed transaction, all
> inputs must come with an ownership proof:
> - For the input at address A, a signature over H(A || x) using the key
> for A. 'x' is some private fixed key that only the signing device
> knows (most likely some privkey along some unique bip32 path).
> - For each input ownership proof, the HW wallet validates each signature
> over the hashed message, then attempts to "decode" the hash by applying
> its own 'x'. If the hash doesn't match, it cannot be its own input.
> - Sign for every input that is yours

Interesting, basically a proof of non-ownership :), a proof that the
hardware wallet doesn't own the address.

But shouldn't x be public, so that the device can verify the signature?
Can you expand on this, what is exactly signed with which key and how is
it checked?

One also has to make sure that it's not possible to reuse signatures as
ownership proofs that were made for a different purpose.

Jochen
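The following is an added example, not code from the proposal, from any wallet project, or from either author of the thread. It implements one reading of the scheme quoted above, chosen so that x can stay private: the owner transmits the hash c = H(tag || A || x) together with a signature over c by the key for A, so any party can verify the signature against the transmitted c, and only the device holding x can recompute c to decide whether the input is its own. Whether that is what the proposal intends is exactly what the reply asks; the reading, the fixed domain tag proofTag (which stops a signature made for another purpose from being replayed as a proof, the second concern in the reply), the use of ECDSA over P-256 as a stand-in for secp256k1, and the "address" being sha256 of the public key are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Assumed domain tag (not in the proposal): a signature made for any other purpose can then never be replayed as a proof.
const proofTag = "psbt-input-ownership-proof/v0"

type Proof struct {
	Address    []byte           // A; here sha256(X||Y) of the owning key, a stand-in for a real address
	Commitment []byte           // c = H(tag || A || x), made by the owner with its secret x
	Sig        []byte           // ECDSA signature over c by the key for A
	PubKey     *ecdsa.PublicKey // lets any party verify Sig against c
}

// Device holds some input keys plus a per-device secret x that never leaves it.
type Device struct {
	keys map[string]*ecdsa.PrivateKey // keyed by string(address)
	x    []byte
}

func address(pub *ecdsa.PublicKey) []byte {
	sum := sha256.Sum256(append(pub.X.FillBytes(make([]byte, 32)), pub.Y.FillBytes(make([]byte, 32))...))
	return sum[:]
}

func commitment(addr, x []byte) []byte {
	msg := append(append([]byte(proofTag), addr...), x...)
	sum := sha256.Sum256(msg)
	return sum[:]
}

func NewDevice(nKeys int) (*Device, error) {
	d := &Device{keys: map[string]*ecdsa.PrivateKey{}, x: make([]byte, 32)}
	if _, err := rand.Read(d.x); err != nil {
		return nil, err
	}
	for i := 0; i < nKeys; i++ {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		d.keys[string(address(&k.PublicKey))] = k
	}
	return d, nil
}

// MakeProof is run by the owner of input A while the PSBT is assembled.
func (d *Device) MakeProof(addr []byte) (*Proof, error) {
	priv, ok := d.keys[string(addr)]
	if !ok {
		return nil, fmt.Errorf("no key for address %x", addr)
	}
	c := commitment(addr, d.x)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, c)
	if err != nil {
		return nil, err
	}
	return &Proof{Address: addr, Commitment: c, Sig: sig, PubKey: &priv.PublicKey}, nil
}

// CheckProof returns (valid, mine). Validity needs no secret: PubKey must map to A
// and Sig must verify over the transmitted c. Only "mine" uses x: recompute c.
func (d *Device) CheckProof(p *Proof) (valid, mine bool) {
	if p == nil || p.PubKey == nil || !bytes.Equal(address(p.PubKey), p.Address) ||
		!ecdsa.VerifyASN1(p.PubKey, p.Commitment, p.Sig) {
		return false, false
	}
	return true, bytes.Equal(commitment(p.Address, d.x), p.Commitment)
}

// InputsToSign: every input needs a valid proof; sign exactly those that are ours.
func (d *Device) InputsToSign(proofs []*Proof) (mine [][]byte, err error) {
	for i, p := range proofs {
		valid, own := d.CheckProof(p)
		if !valid {
			return nil, fmt.Errorf("input %d: invalid ownership proof, refusing to sign", i)
		}
		if own {
			mine = append(mine, p.Address)
		}
	}
	return mine, nil
}

func main() {
	a, _ := NewDevice(2)
	b, _ := NewDevice(1)
	var proofs []*Proof
	for _, dev := range []*Device{a, b} {
		for addr := range dev.keys {
			p, _ := dev.MakeProof([]byte(addr))
			proofs = append(proofs, p)
		}
	}
	mine, err := a.InputsToSign(proofs)
	fmt.Println("device A signs", len(mine), "of", len(proofs), "inputs, err:", err)
}
```

Two properties of this reading are worth noting. Because c is transmitted, a signature that was made for some other message m can only be presented with Commitment = m; it verifies, but no device's recomputed H(tag || A || x) will equal m, so the input is treated as not owned and the device simply does not sign for it. And a single invalid proof aborts signing of the whole transaction rather than being skipped, since an attacker who could drop or corrupt one proof could otherwise hide an input from the device's fee and amount accounting.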