Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1URFCg-0007FR-0x
	for bitcoin-development@lists.sourceforge.net;
	Sun, 14 Apr 2013 05:10:14 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.93 as permitted sender)
	client-ip=62.13.148.93; envelope-from=pete@petertodd.org;
	helo=outmail148093.authsmtp.net; 
Received: from outmail148093.authsmtp.net ([62.13.148.93])
	by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1URFCd-0005gT-IG for bitcoin-development@lists.sourceforge.net;
	Sun, 14 Apr 2013 05:10:13 +0000
Received: from mail-c232.authsmtp.com (mail-c232.authsmtp.com [62.13.128.232])
	by punt14.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r3E5A5aN012625
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 14 Apr 2013 05:10:05 GMT
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r3E59xIB050451
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 14 Apr 2013 06:10:01 +0100 (BST)
Date: Sun, 14 Apr 2013 01:09:58 -0400
From: Peter Todd <pete@petertodd.org>
To: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Message-ID: <20130414050958.GA11142@savin>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 8f9e2890-a4c1-11e2-b10b-0025903375e2
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVJwpGK10IU0Fd
	P1hXKl1LNVAaWXld WiVPGEoXDxgzCjYj NEgGOBsDNw4AXgF1
	IQgLXVBSFQZ4ARoL Bx4UUhg8cANYeX5u ZEFqQHFbVVt/fUFi
	QwAWFhgDbC8ZGmAa UERddk1RdgdOMBcT YwV9XHoNfDQDNXt9
	RlY+ZXU7ZG1VbXwN GFxcdQlJHhsGRCgG aTtQVTg/AUADS20o
	LhMgL1MHB08ePwIs PEEgV0MdPgQJAwJT V11KSBcDHHlJQjcv EQJBXEF2
X-Authentic-SMTP: 61633532353630.1019:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1URFCd-0005gT-IG
Subject: [Bitcoin-development] RFC: extend signmessage/verifymessage to P2SH
	multisig
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 14 Apr 2013 05:10:14 -0000


--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Currently signmessage/verifymessage only supports messages signed by a
single key. We should extend that to messages signed by n-of-m keys, or
=66rom the users point of view, P2SH multisig addresses.

rpc.cpp:signmessage() returns the output of SignCompact(). That in turn
starts with a header byte marking the signs of the various keys to allow
for key recovery. The header byte can be one of 0x1B, 0x1C, 0x1D or 0x1E


For multisig signmessage signatures this is extended:

    <01> <varint n> <varint m> <sig or key> {<sig or key>, ...}

Each signature or key can be one of the following forms:

    sig: <1B/1C/1D/1E> <32 byte r> <32 byte s>
    compress key: <02/03> <32 byte x>
    uncompressed key: <04> <32 byte x> <32 byte y>

Note that we have to provide all pubkeys, even if they aren't used for a
given signature, to allow the P2SH address to be reconstructed.

Decoding/encoding is a bit code-intensive due to the all the cases, but
on the other hand this format keeps the size down to an absolute
minimum. Alternatively I could use length bytes.

The format is backwards compatible in the sense that older versions will
fail safely on new signatures, even ones that have been truncated.
Similarly new signatures are easily distinguished from old, and going
forward if we for some reason need yet another signature format the
leading byte can be incremented.

Signing incomplete signatures on messages can be handled by converting
pubkeys to signatures. Similarly the RPC signmessage command can be
extended with an optional "existing signature" option.

--=20
'peter'[:-1]@petertodd.org

--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJRajolAAoJEH+rEUJn5PoEQnsH/ihNAzBeuE92SdHqDdfAfVlW
qCidTgCWtITWh7B0PcBhq49PHDue3F2JI+zkflGKJtqsclekgOcfkGJfg9OestxG
1DGVfc7m3LugKQChjdmfR+yNd6RYuFf3IQVPtMByMMOc4C4wmjGqPISxDiXBeUVR
QEXsEdY97LzePVvis2YI2M/QDXR2QwLyyAr+l7IcntzAJStFkYy06Bq+I8y+VwXi
vKAU/qI/UorxCA30WW32biGJFB/05Ssomv0iRo+N06kZTRC1/9442ca5L7wc2OwZ
XaJXLBjWMY8V2MBCiZ0UZRWkCM2OWa6B1FO6X/Z/U9uMs/58OyC4w/8kQbr4mxs=
=4For
-----END PGP SIGNATURE-----

--HcAYCG3uE/tztfnV--