Return-Path: <junderwood@bitcoinbank.co.jp>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 004AAC9E
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 23 Jul 2019 05:03:46 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yw1-f54.google.com (mail-yw1-f54.google.com
	[209.85.161.54])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5929EF1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 23 Jul 2019 05:03:45 +0000 (UTC)
Received: by mail-yw1-f54.google.com with SMTP id x67so15244584ywd.3
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 22 Jul 2019 22:03:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=bitcoinbank.co.jp; s=google;
	h=mime-version:references:in-reply-to:from:date:message-id:subject:to; 
	bh=fBG/Oai8uU2XBac+IHwA3huIOxfda1Bbbf0GuJ8dv8s=;
	b=cljbbrI8U1mGSG2rD0bxgNIuTxlNyx2nafnj55MOrTkgncyOaF+ezzj3q3uhkYtuJh
	tNqApxk/hzlWodgZHIOIYeeFwn70vb3YbPQL7DhxZyRV+yOYMMdYf3E0qC2SjzT5cYv9
	bDZADy1q6XTSCfqvlDqd0alJgHST1Ny/ivu/oDCb3UvXrXC7OwMcowQdVBQzCrWDiq8J
	5IL6n26T77GBSF6CCu8Sj+IrIGfh3P1Ob+3vJThDPLqROV5nmYVWSisEFD8Dt0wpmcsk
	WOfXYrD1M7OEf2PAgyKAan2TnrsyjohrZPpn4X8iNqLeR/lhd/DdX4ZKfj3L9hVT1wPJ
	T07g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to;
	bh=fBG/Oai8uU2XBac+IHwA3huIOxfda1Bbbf0GuJ8dv8s=;
	b=PZDWC/D8xuVXz0nozY4h4x61WHsbWjNMvLurFxztFMAbFiVOPr7ZBszRWKz+Ns4dnK
	4DF3+EyghxapSNW8QSByUpCo+X5s+YS3Lq67tTni1C6YgEw3e5CmdgVd7OyhhsoFS258
	Nn+GfLsf2SJGAyrSKq6iZ4BCRRKLGWKZcZQdry1GAeq3Yagta6z8UV9el2k1eLMIdxIM
	id3EEQ+KYxb3hKn985tYPqXuR8hg9x1ppIPCT6NLyx+GNwu0EMAY4UClKiQoYX6cTlbT
	HE98oRydDjOuQ5dx+fTTWshAj1QxtEiB0tOg1aez/Nf3bpd+VZOrseDuGcDrmy+Q57qn
	vrsQ==
X-Gm-Message-State: APjAAAXY4ppZwieRWYj9l8bP1Y+7Zu4LqBEzIgkfIwjx7cQEoH4tc0Cs
	EZuXB8EH5ho6+XPMnm63zKRp36wnH2A80/NSOWWs1ZsMjA==
X-Google-Smtp-Source: APXvYqwW7gBTawo6Yep7DxfCKDxLJB1/pY6wLfAFYDNoBZu0hG5K9m320tgSszEYIBO+P2OyYzoO2nhxWENj6TXVkvk=
X-Received: by 2002:a81:5e44:: with SMTP id s65mr42134564ywb.441.1563858224101;
	Mon, 22 Jul 2019 22:03:44 -0700 (PDT)
MIME-Version: 1.0
References: <CAMpN3mLvY+kuUGqzMW6SAMZ=h46_g=XLhDPhSY=X6xhLxvi15Q@mail.gmail.com>
	<20190627095031.4d5817b8@simplexum.com>
	<CAMpN3mKPkCPtYkN-JVku1r217-aBK=Rh3UEhvRPS_Y6DixJ9Dw@mail.gmail.com>
	<20190627122916.3b6c2c32@simplexum.com>
	<CAMpN3mL8tyP-6-nwn6dorcq7-dad6wYz8_pXinqHhgzUnrr_tg@mail.gmail.com>
	<20190627181429.15dda570@simplexum.com>
	<20190627202932.1cb4d727@simplexum.com>
	<20190629024816.2193363e@simplexum.com>
	<CAMpN3m+Oa6oPzAmhoioOkuf8__NSPPNoSEMHJwo9PhjXosMwhg@mail.gmail.com>
	<20190629094512.558ce181@simplexum.com>
	<CAMpN3mLmVwKwMwjjPGV3Z1JjeLmejMLkTN+3+c0Hu3K0-0GjyA@mail.gmail.com>
In-Reply-To: <CAMpN3mLmVwKwMwjjPGV3Z1JjeLmejMLkTN+3+c0Hu3K0-0GjyA@mail.gmail.com>
From: Jonathan Underwood <junderwood@bitcoinbank.co.jp>
Date: Tue, 23 Jul 2019 14:03:32 +0900
Message-ID: <CAMpN3mJnSniMaw_9ftzTFF4K8FPRTAAPA=zbP7YThXT_v-gs9w@mail.gmail.com>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000ed4b3a058e521da7"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 24 Jul 2019 11:36:19 +0000
Subject: Re: [bitcoin-dev] BIP174 extension proposal (Global Type:
	PSBT_GLOBAL_XPUB_SIGNATURE)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 05:03:46 -0000

--000000000000ed4b3a058e521da7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello All,

I have made a pull request based on the discussion currently. Please move
discussion there.

https://github.com/bitcoin/bips/pull/801

Thanks,
Jonathan

2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 17:11 Jonathan Underwood <jun=
derwood@bitcoinbank.co.jp>:

> Even if the difference is apparent outside the signed data (in the
> output). Signing the data explicitly is more secure.
>
> ie. if some sort of vulnerability / way to break this system for 1-of-1
> multisig is found, someone who signed a single sig xpub whitelist will no=
t
> be exposed.
>
> 2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 13:43 Dmitry Petukhov <dp@s=
implexum.com>:
>
>> =D0=92 Sat, 29 Jun 2019 09:19:41 +0900
>> Jonathan Underwood <junderwood@bitcoinbank.co.jp> =D0=BF=D0=B8=D1=88=D0=
=B5=D1=82:
>>
>> > > Other note: you have 'unused' value of 1 for `m` in your scheme, why
>> > > not require m=3D1 for single-sig case, and use 0 as indicator that
>> > > there are a serlal number following it?
>> > >
>> >
>> > 0x00 is single sig, aka, OP_CHECKSIG
>> >
>> > 0x01 is multisig, aka, 1-of-3, 1-of-2 OP_CHECKMULTISIG
>>
>> This informatin is available in per-output redeem/witness script,
>> signer will be able to distinguish between multisig/single-sig by
>> looking at this script. I think it only need to know the total number
>> of keys participating in the signing, and check that this number
>> matches the particulars of redeem/witness script.
>>
>
>

--=20
-----------------
Jonathan Underwood
=E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE =E3=83=81=
=E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=
=82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC
-----------------

=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=E3=
=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=81=
=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=94=
=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82

=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3

--000000000000ed4b3a058e521da7
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello All,<div><br></div><div>I have made a pull request b=
ased on the discussion currently. Please move discussion there.<br><br><a h=
ref=3D"https://github.com/bitcoin/bips/pull/801">https://github.com/bitcoin=
/bips/pull/801</a><br></div><div><br></div><div>Thanks,</div><div>Jonathan<=
/div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_a=
ttr">2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 17:11 Jonathan Underwood=
 &lt;<a href=3D"mailto:junderwood@bitcoinbank.co.jp">junderwood@bitcoinbank=
.co.jp</a>&gt;:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:=
0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">=
<div dir=3D"ltr"><div>Even if the difference is apparent outside the signed=
 data (in the output). Signing the data explicitly is more secure.<br><br>i=
e. if some sort of vulnerability / way to break this system for 1-of-1 mult=
isig is found, someone who signed a single sig xpub whitelist will not be e=
xposed.</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail=
_attr">2019=E5=B9=B46=E6=9C=8829=E6=97=A5(=E5=9C=9F) 13:43 Dmitry Petukhov =
&lt;<a href=3D"mailto:dp@simplexum.com" target=3D"_blank">dp@simplexum.com<=
/a>&gt;:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px=
 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">=D0=92 =
Sat, 29 Jun 2019 09:19:41 +0900<br>
Jonathan Underwood &lt;<a href=3D"mailto:junderwood@bitcoinbank.co.jp" targ=
et=3D"_blank">junderwood@bitcoinbank.co.jp</a>&gt; =D0=BF=D0=B8=D1=88=D0=B5=
=D1=82:<br>
<br>
&gt; &gt; Other note: you have &#39;unused&#39; value of 1 for `m` in your =
scheme, why<br>
&gt; &gt; not require m=3D1 for single-sig case, and use 0 as indicator tha=
t<br>
&gt; &gt; there are a serlal number following it?<br>
&gt; &gt;=C2=A0 <br>
&gt; <br>
&gt; 0x00 is single sig, aka, OP_CHECKSIG<br>
&gt; <br>
&gt; 0x01 is multisig, aka, 1-of-3, 1-of-2 OP_CHECKMULTISIG<br>
<br>
This informatin is available in per-output redeem/witness script,<br>
signer will be able to distinguish between multisig/single-sig by<br>
looking at this script. I think it only need to know the total number<br>
of keys participating in the signing, and check that this number<br>
matches the particulars of redeem/witness script.<br>
</blockquote></div><br></div>
</blockquote></div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"=
 class=3D"gmail_signature"><div dir=3D"ltr"><div><div dir=3D"ltr"><div dir=
=3D"ltr"><div>-----------------<br></div><div>Jonathan Underwood</div><div>=
=E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE=E3=80=80=E3=
=83=81=E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=
=B3=E3=82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC</div><div>----------------=
-</div><div><br></div><div>=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=
=83=A1=E3=83=83=E3=82=BB=E3=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=
=8A=E3=81=AE=E6=96=B9=E3=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=
=E9=8D=B5=E3=82=92=E3=81=94=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=
=80=82</div><div><br></div><div>=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3=
FDAD998682F3590FEA3</div></div></div></div></div></div>

--000000000000ed4b3a058e521da7--