From: Matias Alejo Garcia <matias@bitpay.com>
Date: Mon, 5 Oct 2015 15:04:44 -0300
To: Jean-Pierre Rupp <root@haskoin.com>
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] [Bitcoin-development] New BIP32 structure for
P2SH multisig wallets [BIP-45]
On Mon, Oct 5, 2015 at 9:18 AM, Jean-Pierre Rupp <root@haskoin.com> wrote:
>
> Perhaps Pedro wants to also participate in a 2-of-2 cosigning
> arrangement with a merchant that will deliver a laptop to him, so Pedro
> provides this merchant with the same extended public key derived from
> path m/45', and the merchant provides Pedro with his own:
>
> Pedro: xpub456...
> ElCheapoPC: xpub987...
>
Thanks for the explanation. OK, maybe that should be stated in BIP45, but
it was never the idea that you reuse your xpub for different wallets, as I
mention in the original reply. The only implementation of BIP45 I am aware
of (Copay) uses completely different xprivs for each wallet.
>
> On 05/10/15 07:57, Matias Alejo Garcia wrote:
> >
> > Hi,
> >
> > Sorry for the late response. Going back to the original message:
> >
> >
> > > On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:
> > >> I have been reviewing BIP-45 today. There is a privacy problem with it
> > >> that should at least be mentioned in the document.
> > >>
> > >> When using the same extended public key for all multisig activity, and
> > >> dealing with different cosigners in separate multisig accounts, reuse of
> > >> the same set of public keys means that all cosigners from all accounts
> > >> will be able to monitor multisig activity from every other cosigner, in
> > >> every other account.
> >
> >
> > I am not completely sure what you mean by 'account' and 'multisig
> > activity'. You seem to imply that the same set of extended public keys
> > will be used in more than one wallet, which is not required (and
> > certainly not recommended) by BIP45.
> >
> > According to BIP45, a signing party, in order to generate a wallet
> > address, needs the extended public keys of all the other parties, so
> > each party will be able to see the transaction history of the wallet
> > they are sharing, but if the party has other wallets with other copayers
> > the xpub should be completely different.
> >
> > matías
> >
> >
> >
> > --
> > BitPay.com
>
-- 
BitPay.com