1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
Return-Path: <brocade-conceal-sepia-litigate-rebus@dreyzehner.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id DB03ECB7
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 21 Dec 2017 17:24:01 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f176.google.com (mail-io0-f176.google.com
[209.85.223.176])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1D40C411
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 21 Dec 2017 17:24:01 +0000 (UTC)
Received: by mail-io0-f176.google.com with SMTP id 87so17643407ior.5
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 21 Dec 2017 09:24:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=dreyzehner.com; s=google;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=0mcwhD8C/BmK70h6IdcbSyvMbP0XhkuXy8HElA2ClJg=;
b=ZpOxDgAbzLGGD1RfM5kABcVQKlQCZQfDVZ/FmkBRj4KP9O2ll7H8gkNtz140WCEuTF
wfK5Z0+HsiwD3L+objb4ETZHaDNrnMp7B4NLe+4L24rLYA1GDJNRDmyi/ciZYnzPvOvL
G5e9ZGg8F9RCN0/CoB6/aCVYhBh35ZFhnY3Epu0ANEr/BvBVv8lMr8P4BaH83VvOvXJU
mxDY4L1vbVIhUFEhuE990/ZcpghGRw9NjLO/hirdCscw+/xqdyErAkFR59oUUyV2BYWl
otKP5HW022QB1wL6d2vlnl/YgsSJiKdLAxDb3SJ0+pPl+jDzqNbS7LoLmWD//jduaI04
kqlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=0mcwhD8C/BmK70h6IdcbSyvMbP0XhkuXy8HElA2ClJg=;
b=oux3djf5YrERCgo9mYzYbMMBlpiezlYHZruz1ZAwyzn2HS7+bg0oASwdf6Q6Q6OpBP
AAAuDSMu0DA1KVNkzNBgnwvOpyFj6OKm5ibyU7UkAWV93lFwsInsG9oGLjWZRZt9Nubx
dHmK3bxqGl+oB/NHjPnUR+/REGY3R+HJfQv4wUIfsprlkH867H5XN0/8QIety0kjnvNN
WK23nyAsOksBAWEv25xQsO8zFngtfTUA5KkRWj/HY7u0zbbY6Rj3byYrsZ19l1W2197S
+v7EJm6t0BWecgo88hQF/V6aPCyXPeqJBle2pYoS3nYURwuebKs6TUzzSq449SJ5DgYI
oAmw==
X-Gm-Message-State: AKGB3mIXEBH3v+hPGM5Gm+rnWS1qTQw1V+NQcbf9MrHsj6r/3DveC2Tk
MOcxCSikcdFMmEgiqdETv6eG+WKRoB/VCuQmAfwaZwoi
X-Google-Smtp-Source: ACJfBov/jUcXS3lUvD/UZsNgQbj1lcwYNt1lvTXQMuxCoLur1jMOeMtmynW9UEofiyfa4AsfaqadEUfOXAfKhHSdnwU=
X-Received: by 10.107.168.106 with SMTP id r103mr13698443ioe.42.1513877040127;
Thu, 21 Dec 2017 09:24:00 -0800 (PST)
MIME-Version: 1.0
References: <CAAUFj10gEPBS3nTZ6aJn4UazhcJKPni6_pYGWwOs+QNeDo9NaA@mail.gmail.com>
<52b65bab-ff84-7e21-e35a-f6ebd8106767@satoshilabs.com>
<725C679B-60E2-4E21-9F7D-10F67118D58D@friedenbach.org>
In-Reply-To: <725C679B-60E2-4E21-9F7D-10F67118D58D@friedenbach.org>
From: Jason Dreyzehner <jason@dreyzehner.com>
Date: Thu, 21 Dec 2017 17:23:49 +0000
Message-ID: <CALunu-GWw1P6BJ8sZdr1ApKJVHawd7LJ9JHfEWP-Z0nacc8bhg@mail.gmail.com>
To: Mark Friedenbach <mark@friedenbach.org>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="001a11426c7836152b0560dcf7a4"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Thu, 21 Dec 2017 18:25:07 +0000
Subject: Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH
addresses.
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2017 17:24:02 -0000
--001a11426c7836152b0560dcf7a4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
You might be interested in this proposal, which is very similar. The repo
contains a very basic implementation in typescript:
https://github.com/bitauth/bitauth2017/blob/master/bips/0-bitauth.mediawiki
https://github.com/bitauth/bitauth2017/
On Tue, Dec 19, 2017 at 4:59 PM Mark Friedenbach via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> For what it=E2=80=99s worth, I think it would be quite easy to do better =
than the
> implied solution of rejiggering the message signing system to support
> non-P2PKH scripts. Instead, have the signature be an actual bitcoin
> transaction with inputs that have the script being signed. Use the salted
> hash of the message being signed as the FORKID as if this were a spin-off
> with replay protection. This accomplishes three things:
>
> (1) This enables signing by any infrastructure out there =E2=80=94 includ=
ing
> hardware wallets and 2FA signing services =E2=80=94 that have enabled sup=
port for
> FORKID signing, which is a wide swath of the ecosystem because of Bitcoin
> Cash and Bitcoin Gold.
>
> (2) It generalizes the message signing to allow multi-party signing setup=
s
> as complicated (via sighash, etc.) as those bitcoin transactions allow,
> using existing and future tools based on Partially Signed Bitcoin
> Transactions; and
>
> (3) It unifies a single approach for message signing, proof of reserve
> (where the inputs are actual UTXOs), and off-chain colored coins.
>
> There=E2=80=99s the issue of size efficiency, but for the single-party me=
ssage
> signing application that can be handled by a BIP that specifies a templat=
e
> for constructing the pseudo-transaction and its inputs from a raw script.
>
> Mark
>
> > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> >
> > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> >> I know there are posts, and an issue opened against it, but is there
> >> anyone writing a BIP for Sign / Verify message against a SegWit addres=
s?
> >
> > Dan, are you still planning to write this BIP?
> >
> > --
> > Best Regards / S pozdravom,
> >
> > Pavol "stick" Rusnak
> > CTO, SatoshiLabs
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists.linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--001a11426c7836152b0560dcf7a4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">You might be interested in this proposal, which is very si=
milar. The repo contains a very basic implementation in typescript:=C2=A0<a=
href=3D"https://github.com/bitauth/bitauth2017/blob/master/bips/0-bitauth.=
mediawiki">https://github.com/bitauth/bitauth2017/blob/master/bips/0-bitaut=
h.mediawiki</a><div><br></div><div><a href=3D"https://github.com/bitauth/bi=
tauth2017/">https://github.com/bitauth/bitauth2017/</a>=C2=A0<br><br><div c=
lass=3D"gmail_quote"><div dir=3D"ltr">On Tue, Dec 19, 2017 at 4:59 PM Mark =
Friedenbach via bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfo=
undation.org">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:<br></div=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex">For what it=E2=80=99s worth, I think it wou=
ld be quite easy to do better than the implied solution of rejiggering the =
message signing system to support non-P2PKH scripts. Instead, have the sign=
ature be an actual bitcoin transaction with inputs that have the script bei=
ng signed. Use the salted hash of the message being signed as the FORKID as=
if this were a spin-off with replay protection. This accomplishes three th=
ings:<br>
<br>
(1) This enables signing by any infrastructure out there =E2=80=94 includin=
g hardware wallets and 2FA signing services =E2=80=94 that have enabled sup=
port for FORKID signing, which is a wide swath of the ecosystem because of =
Bitcoin Cash and Bitcoin Gold.<br>
<br>
(2) It generalizes the message signing to allow multi-party signing setups =
as complicated (via sighash, etc.) as those bitcoin transactions allow, usi=
ng existing and future tools based on Partially Signed Bitcoin Transactions=
; and<br>
<br>
(3) It unifies a single approach for message signing, proof of reserve (whe=
re the inputs are actual UTXOs), and off-chain colored coins.<br>
<br>
There=E2=80=99s the issue of size efficiency, but for the single-party mess=
age signing application that can be handled by a BIP that specifies a templ=
ate for constructing the pseudo-transaction and its inputs from a raw scrip=
t.<br>
<br>
Mark<br>
<br>
> On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <<a href=
=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin=
-dev@lists.linuxfoundation.org</a>> wrote:<br>
><br>
> On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:<br>
>> I know there are posts, and an issue opened against it, but is the=
re<br>
>> anyone writing a BIP for Sign / Verify message against a SegWit ad=
dress?<br>
><br>
> Dan, are you still planning to write this BIP?<br>
><br>
> --<br>
> Best Regards / S pozdravom,<br>
><br>
> Pavol "stick" Rusnak<br>
> CTO, SatoshiLabs<br>
> _______________________________________________<br>
> bitcoin-dev mailing list<br>
> <a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_bl=
ank">bitcoin-dev@lists.linuxfoundation.org</a><br>
> <a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-=
dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org=
/mailman/listinfo/bitcoin-dev</a><br>
<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div></div></div>
--001a11426c7836152b0560dcf7a4--
|
