Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 2414E139D for ; Wed, 14 Mar 2018 12:37:21 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id 87164360 for ; Wed, 14 Mar 2018 12:37:20 +0000 (UTC) Received: from ishibashi.localnet (unknown [IPv6:2001:470:5:265::71]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id 2371738A0C7A; Wed, 14 Mar 2018 12:36:50 +0000 (UTC) X-Hashcash: 1:25:180314:karljohan-alm@garage.co.jp::BIzNlmP2nkPKc2lf:bjq7a X-Hashcash: 1:25:180314:bitcoin-dev@lists.linuxfoundation.org::n+z7B3lvxmfbWF=R:CB78 From: Luke Dashjr To: Karl Johan Alm , Bitcoin Protocol Discussion Date: Wed, 14 Mar 2018 12:36:47 +0000 User-Agent: KMail/1.13.7 (Linux/4.15.1-gentoo; KDE/4.14.37; x86_64; ; ) References: In-Reply-To: X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F X-PGP-Key-ID: BD02942421F4889F X-PGP-Keyserver: hkp://pgp.mit.edu MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201803141236.48869.luke@dashjr.org> X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] {sign|verify}message replacement X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2018 12:37:21 -0000 I don't see a need for a new RPC interface, just a new signature format. Ideally, it should support not only just "proof I receive at this address", but also "proof of funds" (as a separate feature) since this is a popular misuse of the current message signing (which doesn't actually prove funds at all). To do this, it needs to be capable of signing for multiple inputs. Preferably, it should also avoid disclosing the public key for existing or future UTXOs. But I don't think it's possible to avoid this without something MAST-like first. Perhaps it can be a MAST upgrade later on, but the new signature scheme should probably be designed with it in mind. Luke On Wednesday 14 March 2018 8:09:20 AM Karl Johan Alm via bitcoin-dev wrote: > Hello, > > I am considering writing a replacement for the message signing tools > that are currently broken for all but the legacy 1xx addresses. The > approach (suggested by Pieter Wuille) is to do a script based > approach. This does not seem to require a lot of effort for > implementing in Bitcoin Core*. Below is my proposal for this system: > > A new structure SignatureProof is added, which is a simple scriptSig & > witnessProgram container that can be serialized. This is passed out > from/into the signer/verifier. > > RPC commands: > > sign

[=false] > > Generates a signature proof for using the same method that > would be used to spend coins sent to

.** > > verify

[=false] > > Deserializes and executes the proof using a custom signature checker > whose sighash is derived from . Returns true if the check > succeeds, and false otherwise. The scriptPubKey is derived directly > from

.** > > Feedback welcome. > > -Kalle. > > (*) Looks like you can simply use VerifyScript with a new signature > checker class. (h/t Nicolas Dorier) > (**) If is true, is the sighash, otherwise > sighash=sha256d(message). > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev