From: Jonathan Underwood <junderwood@bitcoinbank.co.jp>
Date: Tue, 23 Jul 2019 14:03:32 +0900
Message-ID: <CAMpN3mJnSniMaw_9ftzTFF4K8FPRTAAPA=zbP7YThXT_v-gs9w@mail.gmail.com>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP174 extension proposal (Global Type:
PSBT_GLOBAL_XPUB_SIGNATURE)

Hello All,

I have made a pull request based on the discussion currently. Please move
discussion there.

https://github.com/bitcoin/bips/pull/801

Thanks,
Jonathan

On Sat, 29 Jun 2019 at 17:11, Jonathan Underwood <junderwood@bitcoinbank.co.jp> wrote:

> Even if the difference is apparent outside the signed data (in the
> output), signing the data explicitly is more secure.
>
> i.e. if some sort of vulnerability / way to break this system for 1-of-1
> multisig is found, someone who signed a single sig xpub whitelist will not
> be exposed.
>
> On Sat, 29 Jun 2019 at 13:43, Dmitry Petukhov <dp@simplexum.com> wrote:
>
>> On Sat, 29 Jun 2019 09:19:41 +0900,
>> Jonathan Underwood <junderwood@bitcoinbank.co.jp> wrote:
>>
>> > > Other note: you have 'unused' value of 1 for `m` in your scheme, why
>> > > not require m=1 for single-sig case, and use 0 as indicator that
>> > > there are a serial number following it?
>> > >
>> >
>> > 0x00 is single sig, aka, OP_CHECKSIG
>> >
>> > 0x01 is multisig, aka, 1-of-3, 1-of-2 OP_CHECKMULTISIG
>>
>> This information is available in per-output redeem/witness script,
>> signer will be able to distinguish between multisig/single-sig by
>> looking at this script. I think it only needs to know the total number
>> of keys participating in the signing, and check that this number
>> matches the particulars of redeem/witness script.
>>
>
>

--
-----------------
Jonathan Underwood
Bitbank, Inc., Chief Bitcoin Officer
-----------------
If you are sending an encrypted message, please use the public key below.
Fingerprint: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
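
Added example, not part of the original message or of the BIP174 pull request: the consistency check described in the quoted reply (read single-sig vs multisig and the key count from the script, then compare with the declared total), sketched in Python. It assumes only the two bare templates `<pubkey> OP_CHECKSIG` and `OP_m <pubkeys> OP_n OP_CHECKMULTISIG`; the function names and the placeholder keys are constructed for illustration.

```python
OP_1, OP_16 = 0x51, 0x60  # OP_1..OP_16 encode the small integers 1..16
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE

def read_pubkey_pushes(script, pos):
    """Collect consecutive direct pushes of 33- or 65-byte public keys."""
    keys = []
    while pos < len(script) and script[pos] in (33, 65):
        size = script[pos]
        key = script[pos + 1:pos + 1 + size]
        if len(key) != size:
            raise ValueError("truncated public key push")
        keys.append(key)
        pos += 1 + size
    return keys, pos

def classify_script(script):
    """Return (kind, m, n) for the two templates this example accepts."""
    if not script:
        raise ValueError("empty script")
    if script[0] in (33, 65):  # <pubkey> OP_CHECKSIG
        keys, pos = read_pubkey_pushes(script, 0)
        if len(keys) == 1 and script[pos:] == bytes([OP_CHECKSIG]):
            return ("single", 1, 1)
    elif OP_1 <= script[0] <= OP_16:  # OP_m <pubkey>... OP_n OP_CHECKMULTISIG
        m = script[0] - OP_1 + 1
        keys, pos = read_pubkey_pushes(script, 1)
        tail = script[pos:]
        if len(tail) == 2 and OP_1 <= tail[0] <= OP_16 and tail[1] == OP_CHECKMULTISIG:
            n = tail[0] - OP_1 + 1
            if n == len(keys) and m <= n:
                return ("multisig", m, n)
    raise ValueError("script does not match a supported template")

def check_declared_key_count(script, declared_total):
    """Refuse to proceed unless the declared key total matches the script."""
    kind, m, n = classify_script(script)
    if n != declared_total:
        raise ValueError(f"declared {declared_total} keys, script has {n}")
    return kind, m, n

def multisig(m, keys):
    body = b"".join(bytes([len(k)]) + k for k in keys)
    return bytes([OP_1 + m - 1]) + body + bytes([OP_1 + len(keys) - 1, OP_CHECKMULTISIG])

# Constructed placeholder keys (not valid curve points) and sample scripts.
KEYS = [bytes([0x02]) + bytes([i]) * 32 for i in (1, 2, 3)]
SINGLE = bytes([33]) + KEYS[0] + bytes([OP_CHECKSIG])
ONE_OF_ONE = multisig(1, KEYS[:1])
TWO_OF_THREE = multisig(2, KEYS)
```

`SINGLE` and `ONE_OF_ONE` both carry exactly one key yet classify differently, which is the single-sig versus 1-of-1 multisig distinction the thread is arguing about.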