From: Damian Williamson <willtech@live.com.au>
To: Luke Dashjr <luke@dashjr.org>, Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>
Date: Thu, 15 Mar 2018 10:15:17 +0000
Message-ID: <PS2P216MB0179B77615F7FCD64EDFDDB09DD00@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
References: <CALJw2w5=g-FL+MZ08DEoLxVzOKbSXeKu50drE1b4P0JZJpdTyA@mail.gmail.com>,
	<201803141236.48869.luke@dashjr.org>
In-Reply-To: <201803141236.48869.luke@dashjr.org>
Subject: Re: [bitcoin-dev] {sign|verify}message replacement

That is very helpful Luke. I would not have been concerned if it was necessary to sign multiple times for multiple UTXOs on different addresses but, since it is a feature, it may as well be best usable. Signing for multiple inputs verifying that you have the priv key for each in your wallet is certainly usable for this popular misuse.


> Ideally, it should support not only just "proof I receive at this address",
> but also "proof of funds" (as a separate feature) since this is a popular
> misuse of the current message signing (which doesn't actually prove funds at
> all). To do this, it needs to be capable of signing for multiple inputs.

________________________________
From: bitcoin-dev-bounces@lists.linuxfoundation.org <bitcoin-dev-bounces@lists.linuxfoundation.org> on behalf of Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Sent: Wednesday, 14 March 2018 11:36:47 PM
To: Karl Johan Alm; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] {sign|verify}message replacement

I don't see a need for a new RPC interface, just a new signature format.

Ideally, it should support not only just "proof I receive at this address",
but also "proof of funds" (as a separate feature) since this is a popular
misuse of the current message signing (which doesn't actually prove funds at
all). To do this, it needs to be capable of signing for multiple inputs.

Preferably, it should also avoid disclosing the public key for existing or
future UTXOs. But I don't think it's possible to avoid this without something
MAST-like first. Perhaps it can be a MAST upgrade later on, but the new
signature scheme should probably be designed with it in mind.

Luke


On Wednesday 14 March 2018 8:09:20 AM Karl Johan Alm via bitcoin-dev wrote:
> Hello,
>
> I am considering writing a replacement for the message signing tools
> that are currently broken for all but the legacy 1xx addresses. The
> approach (suggested by Pieter Wuille) is to do a script based
> approach. This does not seem to require a lot of effort for
> implementing in Bitcoin Core*. Below is my proposal for this system:
>
> A new structure SignatureProof is added, which is a simple scriptSig &
> witnessProgram container that can be serialized. This is passed out
> from/into the signer/verifier.
>
> RPC commands:
>
> sign <address> <message> [<prehashed>=false]
>
> Generates a signature proof for <message> using the same method that
> would be used to spend coins sent to <address>.**
>
> verify <address> <message> <proof> [<prehashed>=false]
>
> Deserializes and executes the proof using a custom signature checker
> whose sighash is derived from <message>. Returns true if the check
> succeeds, and false otherwise. The scriptPubKey is derived directly
> from <address>.**
>
> Feedback welcome.
>
> -Kalle.
>
> (*) Looks like you can simply use VerifyScript with a new signature
> checker class. (h/t Nicolas Dorier)
> (**) If <prehashed> is true, <message> is the sighash, otherwise
> sighash=sha256d(message).
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
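As an added illustration of the proposal quoted in this thread (editor's example, not code from Bitcoin Core or from any participant), the following Python models the three pieces Kalle and Luke discuss: a serializable SignatureProof container, sign/verify over sighash = sha256d(message) (or the message itself when prehashed), and the multi-input "proof of funds" variant, where one signature per claimed outpoint is produced and the digest additionally commits to the set of outpoints so that a proof cannot be replayed for a different set of coins. Assumptions, all mine rather than the thread's: secp256k1 ECDSA is implemented inline in pure Python with a hash-derived nonce (not RFC 6979); an "address" is the hex HASH160 of the compressed public key in place of real address encoding; the verifier's UTXO lookup is a constructed dict mapping outpoint to address; and script execution (VerifyScript with a custom checker) is replaced by a direct pubkey-hash and signature check.

```python
"""Toy model of script-based message signing and multi-input proof of funds.
Constructed example; pure-Python secp256k1, not Bitcoin Core code."""
import hashlib
from dataclasses import dataclass

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine secp256k1 point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt=G):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt = _add(pt, pt)
        k >>= 1
    return r


def sha256d(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def pubkey(priv):
    x, y = _mul(priv)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")  # compressed SEC encoding


def address(pub):
    """HASH160(pubkey) as hex: stands in for P2PKH/P2WPKH address encoding (assumption)."""
    h = hashlib.sha256(pub).digest()
    try:
        return hashlib.new("ripemd160", h).hexdigest()
    except ValueError:  # OpenSSL build without RIPEMD-160: fall back to truncated SHA-256
        return hashlib.sha256(h).hexdigest()[:40]


def ecdsa_sign(priv, z):
    # Nonce derived from key and digest so the example is deterministic (not RFC 6979)
    k = int.from_bytes(sha256d(priv.to_bytes(32, "big") + z), "big") % N or 1
    r = _mul(k)[0] % N
    s = pow(k, N - 2, N) * (int.from_bytes(z, "big") + r * priv) % N
    if s > N // 2:
        s = N - s  # low-S normalisation, as Bitcoin requires
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def ecdsa_verify(pub, z, sig):
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    x = int.from_bytes(pub[1:], "big")
    y = pow(x**3 + 7, (P + 1) // 4, P)  # decompress: P = 3 mod 4
    if (y & 1) != (pub[0] & 1):
        y = P - y
    w = pow(s, N - 2, N)
    R = _add(_mul(int.from_bytes(z, "big") * w % N), _mul(r * w % N, (x, y)))
    return R is not None and R[0] % N == r


@dataclass
class SignatureProof:
    """One (outpoint, pubkey, signature) entry per claimed input; 133 bytes each when serialized."""
    entries: list

    def serialize(self):
        return bytes([len(self.entries)]) + b"".join(op + pub + sig for op, pub, sig in self.entries)

    @classmethod
    def deserialize(cls, b):
        n, body = b[0], b[1:]
        return cls([(body[i:i + 36], body[i + 36:i + 69], body[i + 69:i + 133]) for i in range(0, 133 * n, 133)])


def sighash(message, outpoints, prehashed=False):
    """sha256d(message) as in the proposal, further committed to the claimed outpoints (my addition)."""
    h = message if prehashed else sha256d(message)
    return sha256d(b"SignatureProof\x00" + h + b"".join(sorted(outpoints)))


def sign(privs_by_outpoint, message, prehashed=False):
    z = sighash(message, list(privs_by_outpoint), prehashed)
    return SignatureProof([(op, pubkey(d), ecdsa_sign(d, z)) for op, d in privs_by_outpoint.items()])


def verify(addr_by_outpoint, message, proof_bytes, prehashed=False):
    """addr_by_outpoint models the verifier's UTXO-set lookup; the proof must cover exactly that set."""
    proof = SignatureProof.deserialize(proof_bytes)
    claimed = [op for op, _, _ in proof.entries]
    if len(claimed) != len(set(claimed)) or set(claimed) != set(addr_by_outpoint):
        return False
    z = sighash(message, claimed, prehashed)
    return all(address(pub) == addr_by_outpoint[op] and ecdsa_verify(pub, z, sig)
               for op, pub, sig in proof.entries)


# Constructed sample: two keys, each controlling one outpoint (txid || vout, 36 bytes)
KEYS = {b"\x11" * 32 + b"\x00\x00\x00\x00": 0x1111, b"\x22" * 32 + b"\x01\x00\x00\x00": 0x2222}
UTXOS = {op: address(pubkey(d)) for op, d in KEYS.items()}
MSG = b"I control these coins on 2018-03-15"


def demo():
    proof = sign(KEYS, MSG).serialize()
    first = next(iter(KEYS))
    partial = sign({first: KEYS[first]}, MSG).serialize()  # covers only one of the two outpoints
    return verify(UTXOS, MSG, proof), verify(UTXOS, MSG, partial), verify(UTXOS, b"other message", proof)
```

`demo()` returns `(True, False, False)`: the full proof verifies, a proof covering only one of the two outpoints is rejected because it does not cover the claimed set, and the proof does not verify against a different message. The outpoint commitment in `sighash` is what separates a proof of funds from the address-signing misuse Luke describes: a signature over the message alone shows possession of a key, while binding the digest to specific outpoints lets a verifier with a UTXO set check that those keys are the ones that can spend the claimed coins.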
