Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 4E4311923 for ; Mon, 5 Oct 2015 18:05:05 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ig0-f178.google.com (mail-ig0-f178.google.com [209.85.213.178]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 23EED12C for ; Mon, 5 Oct 2015 18:05:04 +0000 (UTC) Received: by igcpb10 with SMTP id pb10so69099615igc.1 for ; Mon, 05 Oct 2015 11:05:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=EAsP60J3KXIU6PzLvgJK9UApeui+sIeSgddtXM1/jVg=; b=uYwNObgrdQgpevb+t0aHY1aYWq/vcQeLwvbMgz2KT2L4qIitPkQvIK7gQ3w1IClt00 qIW6HfsfbK3hlxCbw6zXMuy4DGqFdsKyo+4gaI/RYF38zPGmGiPDHQm0VaETTpR/v15F HYhqFt0vt6UUZqzYuTKLnYzjPpBLxqR4SZ+jLQdKvXYyr0tMFWp0QOFcv23SQiNhCI/W QYjwnGlIMIHJkAJ9Po4DXviwUJMxlmMoFN6lF++MbIDmTRy2iZ28FqWMxZWZSmfEc8l2 wBovOo7jFltL43AvT4M+EWlI86xWgwdHbPQZphW9tB+ARYM00pvvkM9/60SIpvOHX5VK r5pA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitpay.com; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=EAsP60J3KXIU6PzLvgJK9UApeui+sIeSgddtXM1/jVg=; b=Fb96BYFilUtMsyKPNl7EsFIh/1YIknA7uVIfBDhFTQKg8HzlfqNIiC8aueQJEEaHhx +as9tKTIuzG63BpAWTx1C+Z/vIZMA4RQbn3JYbf3trUYgjpPRr/ztQokhMlq5+k7q0Zg 6Svu48qiQQbwbD3lwREWRZ8FAgj1Y5ukPqzF8= X-Received: by 10.50.22.101 with SMTP id c5mr10882512igf.57.1444068303623; Mon, 05 Oct 2015 11:05:03 -0700 (PDT) MIME-Version: 1.0 Sender: ematiu@gmail.com Received: by 10.50.230.19 with HTTP; Mon, 5 Oct 2015 11:04:44 -0700 (PDT) In-Reply-To: <56126AB0.3030107@haskoin.com> References: <560FCD30.9020902@haskoin.com> <5611432F.5070209@haskoin.com> <561160EB.30505@gmail.com> <56126AB0.3030107@haskoin.com> From: Matias Alejo Garcia Date: Mon, 5 Oct 2015 15:04:44 -0300 X-Google-Sender-Auth: Ztw1Ji6kIApcPSlXVdM14s_d0TE Message-ID: To: Jean-Pierre Rupp Content-Type: multipart/alternative; boundary=047d7b10c9cb44e83c05215f5ac3 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] [Bitcoin-development] New BIP32 structure for P2SH multisig wallets [BIP-45] X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Oct 2015 18:05:05 -0000 --047d7b10c9cb44e83c05215f5ac3 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, Oct 5, 2015 at 9:18 AM, Jean-Pierre Rupp wrote: > > Perhaps Pedro wants to also participate in a 2-of-2 cosigning > arrangement with a merchant that will deliver a laptop to him, so Pedro > provides this merchant with the same extended public key derived from > path m/45', and the merchant provides Pedro with his own: > > Pedro: xpub456... > ElCheapoPC: xpub987... > Thanks for the explanation. OK, maybe that should be stated on BIP45, but it was never the idea that you reuse your xpub for different wallet, as I mention on the original reply. The only implementation of BIP45 I am aware of (Copay), use completely different xprivs for each wallet. > > On 05/10/15 07:57, Matias Alejo Garcia wrote: > > > > Hi, > > > > Sorry the late response. Going back to the original message: > > > > > > > On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote: > > >> I have been reviewing BIP-45 today. There is a privacy problem > > with it > > >> that should at least be mentioned in the document. > > >> > > >> When using the same extended public key for all multisig > > activity, and > > >> dealing with different cosigners in separate multisig accounts, > > reuse of > > >> the same set of public keys means that all cosigners from all > > accounts > > >> will be able to monitor multisig activity from every other > > cosigner, in > > >> every other account. > > > > > > I am not completely sure what you mean by 'account' and 'mutisig > > activity'. You seem to imply > > that the same set of extended public keys will be used in more that one > > wallet, which it is > > not required (and certainly not recommended) by BIP45. > > > > According to BIP45, a singing party, in order to generate a wallet > > address, needs the extended public keys of all the other parties, so > > each party will be able to see the transaction history of the wallet > > they are sharing, but if the party has other wallets with other copayer= s > > the xpub should be completely different. > > > > mat=C3=ADas > > > > > > > > -- > > BitPay.com > --=20 BitPay.com --047d7b10c9cb44e83c05215f5ac3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Mon, Oct 5, 2015 at 9:18 AM, Jean-Pierre Rupp <= root@haskoin.com&= gt; wrote:
Perhaps Pedro wants to also participate in a 2-of-2 cosigning
arrangement with a merchant that will deliver a laptop to him, so Pedro
provides this merchant with the same extended public key derived from
path m/45', and the merchant provides Pedro with his own:

Pedro: xpub456...
ElCheapoPC: xpub987...


T= hanks for the explanation. OK, maybe that should be stated on BIP45, but
it was never the idea that you reuse your xpub for different wallet= , as I mention
on the original reply. The only implementation of = BIP45 I am aware of (Copay),
use completely different xprivs for = each wallet.

=C2=A0

On 05/10/15 07:57, Matias Alejo Garcia wrote:
>
> Hi,
>
> Sorry the late response. Going back to the original message:
>
>
>=C2=A0 =C2=A0 =C2=A0> On 03/10/15 13:42, Jean-Pierre Rupp via bitcoi= n-dev wrote:
>=C2=A0 =C2=A0 =C2=A0>> I have been reviewing BIP-45 today.=C2=A0 = There is a privacy problem
>=C2=A0 =C2=A0 =C2=A0with it
>=C2=A0 =C2=A0 =C2=A0>> that should at least be mentioned in the d= ocument.
>=C2=A0 =C2=A0 =C2=A0>>
>=C2=A0 =C2=A0 =C2=A0>> When using the same extended public key fo= r all multisig
>=C2=A0 =C2=A0 =C2=A0activity, and
>=C2=A0 =C2=A0 =C2=A0>> dealing with different cosigners in separa= te multisig accounts,
>=C2=A0 =C2=A0 =C2=A0reuse of
>=C2=A0 =C2=A0 =C2=A0>> the same set of public keys means that all= cosigners from all
>=C2=A0 =C2=A0 =C2=A0accounts
>=C2=A0 =C2=A0 =C2=A0>> will be able to monitor multisig activity = from every other
>=C2=A0 =C2=A0 =C2=A0cosigner, in
>=C2=A0 =C2=A0 =C2=A0>> every other account.
>
>
> I am not completely sure what you mean by 'account' and 'm= utisig
> activity'. You seem to imply
> that the same set of extended public keys will be used in more that on= e
> wallet, which it is
> not required (and certainly not recommended) by BIP45.
>
> According to BIP45, a singing party, in order to generate a wallet
> address, needs the extended public keys of all the other parties, so > each party will be able to see the transaction history of the wallet > they are sharing, but if the party has other wallets with other copaye= rs
> the xpub should be completely different.
>
> mat=C3=ADas
>
>
>
> --
> BitPay.com



--
=
BitPay.com
=
--047d7b10c9cb44e83c05215f5ac3--