Return-Path: <jan.matejek@satoshilabs.com>
To: bitcoin-dev@lists.linuxfoundation.org
References: <CACL8y1v9fpZ+gWLVHMx-bGUCaSd0=0ecHU-u4FF=LnhT7s1zTg@mail.gmail.com>
<20190503132945.GR810@coinkite.com>
<CACL8y1tesev2OLrkfYfvmkgbR2xuk-0JPqdmYGtrUcser9GPfg@mail.gmail.com>
<20190507184034.0a72a9c7@simplexum.com>
From: jan matejek <jan.matejek@satoshilabs.com>
Openpgp: preference=signencrypt
Message-ID: <9e85b47c-6ba9-ab85-03f1-eb0ddf3022de@satoshilabs.com>
Date: Wed, 8 May 2019 09:54:53 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <20190507184034.0a72a9c7@simplexum.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 09 May 2019 14:49:45 +0000
Subject: Re: [bitcoin-dev] Adding xpub field to PSBT to make multisig more
secure
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 07:54:58 -0000

hello,

On 07. 05. 19 15:40, Dmitry Petukhov via bitcoin-dev wrote:
> At the setup phase, hardware wallet can sign a message that consists of
> xpubs of participants, and some auxiliary text. It can use the key
> derived from the master key, with path chosen specifically for this
> purpose.

This seems overly complicated.
What is your threat model?

IIUC, each individual multisig signature also signs the set of signers
(through signing redeem-script (or scriptPubKey in address-based multisig)).

So if an attacker gives me bad xpubs, I will sign them, but the
signature won't be valid for the given multisig output - even if the
attacker manages to trick 2 of 3 signers and recombine their signatures.

Therefore, the input==output check is sufficient: if I use the same set
of signers for an input and an output, I can be sure that the change
goes to the same multisig wallet.

Or is there something I'm missing?

The weak spot is the part where you generate a receiving address, because
that "creates" the particular multisig wallet. But that's nothing to do
with PSBT.

> This would allow to distinguish the trusted output even if the inputs
> are not all derived from the same set of xpubs, that could happen in
> more complex scenarios (batching, key rotation, etc.), and can possibly
> be used to have several different types of 'trusted' outputs.

This seems to be an attempt at a different, much broader problem. And it
won't help if the attacker can replay a different trusted-xpub package
(e.g., one that contains a revoked previously compromised key).

regards
m.
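
The input==output check argued for in this message, as an added Python sketch (not part of the original e-mail and not any wallet's actual code): a change output is accepted only if it names the same threshold and signer set as every input and its scriptPubKey really is built from those signers. Assumptions: `derive` is a stand-in for BIP32 public derivation, the xpub strings are constructed labels, the record layout is hypothetical, and P2WSH is used for the script hash.

```python
import hashlib

def derive(xpub: str, index: int) -> bytes:
    # Stand-in for BIP32 public derivation (NOT real BIP32): gives a
    # deterministic 33-byte "compressed key" per (xpub, index).
    return b"\x02" + hashlib.sha256(f"{xpub}/{index}".encode()).digest()

def script_pubkey(m: int, xpubs, index: int) -> bytes:
    # P2WSH of: OP_m <sorted keys> OP_n OP_CHECKMULTISIG
    keys = sorted(derive(x, index) for x in xpubs)
    script = bytes([0x50 + m]) + b"".join(b"\x21" + k for k in keys)
    script += bytes([0x50 + len(keys), 0xAE])
    return b"\x00\x20" + hashlib.sha256(script).digest()

def is_own_change(inputs, output) -> bool:
    """inputs/output: dicts with m, xpubs, index, spk (scriptPubKey bytes)."""
    wallet = (inputs[0]["m"], frozenset(inputs[0]["xpubs"]))
    for item in inputs + [output]:
        if (item["m"], frozenset(item["xpubs"])) != wallet:
            return False  # signer set or threshold differs from the inputs
        if script_pubkey(item["m"], item["xpubs"], item["index"]) != item["spk"]:
            return False  # claimed signers do not produce this script
    return True

def entry(m, xpubs, index, spk_xpubs=None):
    # Constructed PSBT-like record; spk_xpubs lets the sample lie about
    # which keys the scriptPubKey was really built from.
    return {"m": m, "xpubs": xpubs, "index": index,
            "spk": script_pubkey(m, spk_xpubs or xpubs, index)}

WALLET = ["xpub-alice", "xpub-bob", "xpub-carol"]       # constructed labels
EVIL = ["xpub-alice", "xpub-mallory", "xpub-mallory2"]  # constructed labels

def demo():
    inputs = [entry(2, WALLET, 0), entry(2, WALLET, 1)]
    return {
        "honest": is_own_change(inputs, entry(2, WALLET, 7)),
        "swapped_xpubs": is_own_change(inputs, entry(2, EVIL, 7)),
        "lying_metadata": is_own_change(inputs, entry(2, WALLET, 7, EVIL)),
    }

if __name__ == "__main__":
    print(demo())
```

The check anchors trust in the inputs' signer set, so it says nothing about whether that set was correct when the first receiving address was generated, which is the weak spot the message points to.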