Return-Path: <jan.matejek@satoshilabs.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id DE7E610D2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  8 May 2019 07:54:57 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com
	[209.85.221.51])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 520F01FB
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  8 May 2019 07:54:57 +0000 (UTC)
Received: by mail-wr1-f51.google.com with SMTP id v11so5722738wru.5
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 08 May 2019 00:54:57 -0700 (PDT)
X-Received: by 2002:adf:8122:: with SMTP id 31mr15804411wrm.112.1557302095638; 
	Wed, 08 May 2019 00:54:55 -0700 (PDT)
Received: from [192.168.2.140] (ip-94-112-58-143.net.upcbroadband.cz.
	[94.112.58.143])
	by smtp.gmail.com with ESMTPSA id r64sm6494930wmr.0.2019.05.08.00.54.54
	for <bitcoin-dev@lists.linuxfoundation.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 08 May 2019 00:54:54 -0700 (PDT)
To: bitcoin-dev@lists.linuxfoundation.org
References: <CACL8y1v9fpZ+gWLVHMx-bGUCaSd0=0ecHU-u4FF=LnhT7s1zTg@mail.gmail.com>
	<20190503132945.GR810@coinkite.com>
	<CACL8y1tesev2OLrkfYfvmkgbR2xuk-0JPqdmYGtrUcser9GPfg@mail.gmail.com>
	<20190507184034.0a72a9c7@simplexum.com>
From: jan matejek <jan.matejek@satoshilabs.com>
Openpgp: preference=signencrypt
Message-ID: <9e85b47c-6ba9-ab85-03f1-eb0ddf3022de@satoshilabs.com>
Date: Wed, 8 May 2019 09:54:53 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
	Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <20190507184034.0a72a9c7@simplexum.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 09 May 2019 14:49:45 +0000
Subject: Re: [bitcoin-dev] Adding xpub field to PSBT to make multisig more
 secure
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 07:54:58 -0000

hello,

On 07. 05. 19 15:40, Dmitry Petukhov via bitcoin-dev wrote:
> At the setup phase, hardware wallet can sign a message that consists of
> xpubs of participants, and some auxiliary text. It can use the key
> derived from the master key, with path chosen specifically for this
> purpose.

This seems overly complicated.

What is your threat model?

IIUC, each individual multisig signature also signs the set of signers
(through signing redeem-script (or scriptPubKey in address-based multisig)).
So if an attacker gives me bad xpubs, I will sign them, but the
signature won't be valid for the given multisig output - even if the
attacker manages to trick 2 of 3 signers and recombine their signatures.

Therefore, the input==output check is sufficient: if I use the same set
of signers for an input and an output, I can be sure that the change
goes to the same multisig wallet.

Or is there something I'm missing?

The weak spot is the part where you generate a receiving address, because
that "creates" the particular multisig wallet. But that's nothing to do
with PSBT.

> This would allow to distinguish the trusted output even if the inputs
> are not all derived from the same set of xpubs, that could happen in
> more complex scenarios (batching, key rotation, etc.), and can possibly
> be used to have several different types of 'trusted' outputs.

This seems to be an attempt at a different, much broader problem. And it
won't help if the attacker can replay a different trusted-xpub package
(e.g., one that contains a revoked previously compromised key).

regards
m.
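
The two points argued in the message above, as an added example that is not part of the original e-mail or of any wallet's code: a multisig output script commits to the exact key set, and a signer can treat change as its own only when inputs and output share one signer set. Assumptions: `derive()` is a hash-based stand-in for BIP32 derivation, the output type is P2WSH rather than the redeem-script form the message mentions, and the xpub labels are constructed.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE

def derive(xpub: str, index: int) -> bytes:
    # Stand-in for BIP32 child derivation (assumption): a constructed 33-byte "pubkey".
    return b"\x02" + hashlib.sha256(f"{xpub}/{index}".encode()).digest()

def script_pubkey(xpubs, index: int, m: int = 2) -> bytes:
    # m-of-n script: OP_m <pk1>..<pkn> OP_n OP_CHECKMULTISIG, keys sorted.
    keys = sorted(derive(x, index) for x in xpubs)
    script = bytes([0x50 + m]) + b"".join(b"\x21" + k for k in keys)
    script += bytes([0x50 + len(keys), OP_CHECKMULTISIG])
    # P2WSH output: OP_0 <sha256(script)>, so the output commits to the key set.
    return b"\x00\x20" + hashlib.sha256(script).digest()

def change_is_own(inputs, output) -> bool:
    """input==output check: one signer set across all inputs and the output,
    and the output script must be re-derivable from that set."""
    signer_sets = {frozenset(i["xpubs"]) for i in inputs}
    if len(signer_sets) != 1 or frozenset(output["xpubs"]) not in signer_sets:
        return False
    expected = script_pubkey(output["xpubs"], output["index"])
    return output["script_pubkey"] == expected

# Constructed sample data: three honest cosigners and one substituted key.
HONEST = ["xpub-A", "xpub-B", "xpub-C"]
SWAPPED = ["xpub-A", "xpub-B", "xpub-ATTACKER"]

def make(claimed, index, actual=None):
    # 'claimed' is the metadata handed to the signer; 'actual' builds the script.
    return {"xpubs": claimed, "index": index,
            "script_pubkey": script_pubkey(actual or claimed, index)}

INPUTS = [make(HONEST, 0), make(HONEST, 1)]

if __name__ == "__main__":
    print("honest change accepted:", change_is_own(INPUTS, make(HONEST, 2)))
    print("swapped signer set:", change_is_own(INPUTS, make(SWAPPED, 2)))
    print("mislabelled script:", change_is_own(INPUTS, make(HONEST, 2, SWAPPED)))
    # Bad xpubs produce a different script, so a signature made over it
    # does not satisfy the real multisig output.
    print("scripts differ:", script_pubkey(SWAPPED, 0) != script_pubkey(HONEST, 0))
```

The check says nothing about how the first receiving address was created, which is the weak spot the message names.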