1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
Return-Path: <ematiu@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 5FBB1267
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 5 Oct 2015 06:57:37 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f177.google.com (mail-io0-f177.google.com
[209.85.223.177])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A994C90
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 5 Oct 2015 06:57:36 +0000 (UTC)
Received: by iofh134 with SMTP id h134so175902058iof.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 04 Oct 2015 23:57:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc:content-type;
bh=EN34d9WQSWsODKwysg2gVJq6jui8O7mTaEFtnUpWfv8=;
b=FEtBCZHLQAM36L2eRtl4rrNHFcNbG69zh0Z3WnBxQEsKEs2dzAVSETcSDERldYkjNs
fRVSZRre9TxD6lXLRyK+4i9rY9uERuYAeRwHn7UUPaJ/4zryoaERyrDGvVjzMPnWaszK
2iM2wL14m96MaCLWUcqToLDAaL+FtCh5+yc6TTv/FCkOdZKDd5+csc7SkxF6RCdMjjze
cXiVxqA4HjJcZ4ArDzyXt3g++epkYZoTDlAfWfCkhV47k0P+0W04Dz4FbC+MGVU9bOI6
yCexU0DIFH9JQxq9rJKhov6+nN9DI6+lUQue0mXinQbjSAneRmts5DgWJDiKXb/JUvkW
ADJw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitpay.com; s=google;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc:content-type;
bh=EN34d9WQSWsODKwysg2gVJq6jui8O7mTaEFtnUpWfv8=;
b=dCN69nO+pZ1/ukgoNgjVZchzpxcagxeDFckM/pTXupv5AUKpj3lqkwJmhmS2ss3XNg
c1SD+CFX/6J+ev/WB9ljMvV22LQM4oqpnKagESnEPOAqYeFI4VQO568t8uWu9avtz9yX
n2aTWpZ54UGJibDU1pICbj2UkZSSbJgXQ7+5I=
X-Received: by 10.107.34.11 with SMTP id i11mr27604121ioi.6.1444028256077;
Sun, 04 Oct 2015 23:57:36 -0700 (PDT)
MIME-Version: 1.0
Sender: ematiu@gmail.com
Received: by 10.50.230.19 with HTTP; Sun, 4 Oct 2015 23:57:16 -0700 (PDT)
In-Reply-To: <561160EB.30505@gmail.com>
References: <CABQSq2Q98K5zbUbQAqSE4OYez2QuOaWTt+9n5iZmSR2boynf_Q@mail.gmail.com>
<560FCD30.9020902@haskoin.com> <5611432F.5070209@haskoin.com>
<561160EB.30505@gmail.com>
From: Matias Alejo Garcia <matias@bitpay.com>
Date: Mon, 5 Oct 2015 03:57:16 -0300
X-Google-Sender-Auth: ewVnrtdJsVaER5AhOgq13Ai06-o
Message-ID: <CA+vKqYeBDHEGRgCsuAp3wQKb9idH085e5K3uNdeRLFvc9MTpdQ@mail.gmail.com>
To: Thomas Kerin <thomas.kerin@gmail.com>
Content-Type: multipart/alternative; boundary=001a1140c1c43fd32c0521560717
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] [Bitcoin-development] New BIP32 structure for
P2SH multisig wallets [BIP-45]
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 06:57:37 -0000
--001a1140c1c43fd32c0521560717
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Hi,
Sorry the late response. Going back to the original message:
> > On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:
> >> I have been reviewing BIP-45 today. There is a privacy problem with i=
t
> >> that should at least be mentioned in the document.
> >>
> >> When using the same extended public key for all multisig activity, and
> >> dealing with different cosigners in separate multisig accounts, reuse =
of
> >> the same set of public keys means that all cosigners from all accounts
> >> will be able to monitor multisig activity from every other cosigner, i=
n
> >> every other account.
>
I am not completely sure what you mean by 'account' and 'mutisig activity'.
You seem to imply
that the same set of extended public keys will be used in more that one
wallet, which it is
not required (and certainly not recommended) by BIP45.
According to BIP45, a singing party, in order to generate a wallet address,
needs the extended public keys of all the other parties, so each party will
be able to see the transaction history of the wallet they are sharing, but
if the party has other wallets with other copayers the xpub should be
completely different.
mat=C3=ADas
--=20
BitPay.com
--001a1140c1c43fd32c0521560717
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><div=
><br></div><div>Hi,</div><div><br></div><div>Sorry the late response. Going=
back to the original message:</div><div>=C2=A0</div><blockquote class=3D"g=
mail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-l=
eft:1ex">> On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:<br=
>
>> I have been reviewing BIP-45 today.=C2=A0 There is a privacy probl=
em with it<br>
>> that should at least be mentioned in the document.<br>
>><br>
>> When using the same extended public key for all multisig activity,=
and<br>
>> dealing with different cosigners in separate multisig accounts, re=
use of<br>
>> the same set of public keys means that all cosigners from all acco=
unts<br>
>> will be able to monitor multisig activity from every other cosigne=
r, in<br>
>> every other account.<br></blockquote><div><br></div><div>I am not =
completely sure what you mean by 'account' and 'mutisig activit=
y'. You seem to imply</div><div>that the same set of extended public ke=
ys will be used in more that one wallet, which it is=C2=A0</div><div>not re=
quired (and certainly not recommended) by BIP45.</div><div><br></div><div>A=
ccording to BIP45, a singing party, in order to generate a wallet address, =
needs the extended public keys of all the other parties, so each party will=
be able to see the transaction history of the wallet they are sharing, but=
if the party has other wallets with other copayers the xpub should be comp=
letely different.</div><div><br></div><div>mat=C3=ADas</div><div><br></div>=
<div><br></div></div><div><br></div>-- <br><div class=3D"gmail_signature"><=
div dir=3D"ltr"><div>BitPay.com</div></div></div>
</div></div>
--001a1140c1c43fd32c0521560717--
|
