1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
Return-Path: <karljohan-alm@garage.co.jp>
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
by lists.linuxfoundation.org (Postfix) with ESMTP id BA985C013E
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 Mar 2020 06:31:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by fraxinus.osuosl.org (Postfix) with ESMTP id A8D268586A
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 Mar 2020 06:31:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id hbgGvZl9WKsG
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 Mar 2020 06:31:42 +0000 (UTC)
X-Greylist: delayed 00:08:45 by SQLgrey-1.7.6
Received: from mta.hdems.com (mta15.mta.hdems.com [52.199.63.174])
by fraxinus.osuosl.org (Postfix) with ESMTPS id 288E085815
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 Mar 2020 06:31:42 +0000 (UTC)
Received: from mo.hdems.com (unknown [10.5.84.11])
by mta-c16-s3201.mta.hdems.com ('HDEMS') with ESMTPSA id 48XP263Lsjz2K1rbT
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 4 Mar 2020 06:22:54 +0000 (UTC)
X-HDEMS-MO-TENANT: garage.co.jp
Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com.
[209.85.208.198]) by gwsmtp.prod.mo.hdems.com with ESMTPS id
gwsmtpd-trans-92f4c4d7-4ba1-45c1-ba48-5b24a81b250a
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 04 Mar 2020 06:22:51 +0000
Received: by mail-lj1-f198.google.com with SMTP id f11so122277ljn.6
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 03 Mar 2020 22:22:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=garage.co.jp; s=google;
h=mime-version:from:date:message-id:subject:to;
bh=x/Wuzk6s4tEnaqGG7ql0m6OdpMHWfnYdPn31jAH1ks8=;
b=Ef5RMb97XCx1s05hjW030afbrVL9j4rXMh4SNfDNC9oJbF0gj8BR5rWjFwKk7fIRDd
FzN8jQ+mGvR0oPSZO5bOc0Wxz8QQKwtr/7dCCEzKyGJF8u43HIHYhr6xyWu9iH4lfZhx
+huuDas/026h98br7dfOJ/yd208dYv3HXxPBE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=x/Wuzk6s4tEnaqGG7ql0m6OdpMHWfnYdPn31jAH1ks8=;
b=koNNUZFUv8fHuosraPl7Rk+rpvQ335IBafiNElmIT7xsAjbnYPNglvg6cUWDxxxVr9
g0Bnv4EItT612EgU0wypmaGq5TdNO8MlOqIAVyMR2v2mvYFt30fePw1qGW41DyV69ODP
J07dfzjb7pi5906Dfk6MaTn2i/nsT6FWCTKO/qE9CHPgMgH5OQ3IJ/vaxRr6pPq7hy0D
AYg45wEAL8C8+9A9uHjgMMTYrfezW8WHYiV9C6O7Vn50ZmO4Oyg+cpJoUXgblgDlg5K6
ek37uDG+JQFxY2LrT799EFfj+Ah8QbI1ZnbriKPX6/d1LUs6Z8UexgTwvQWiHI78/Hyx
ej3w==
X-Gm-Message-State: ANhLgQ28wuKFFQoLnNa+KjSBIeZm5WrKW28XYeXzKcpsebwdM3mCkjbt
TXHh39GKlsuLu37QONRdGk8YqIoeNHU4kNqqrGRO2YR/ewrltdEwzHj4SMzqINDz/0+boCfSe9u
IYCT/zS5BfpHoMRR8a4KIgNpXHBnXUhOg78WML5uFpTksvvZLoNVa0wN+USHGP5TdmCJ4p2do+X
ryHIni5ZeYywHLTceJ24lHfNu7i6gHIMtpIjkBwVgVnZL4x3sC/ctCseykSZPP+7u5nKSSe87NG
Os5WLxz3b/U9EEtq1O+DhhKWBT1k5VgHCCu0+yAVQfIWBgJmfZIL6gqlu9XCY0YxsF981LGf1e6
jH2HkxtxRqxfxlSvruv0vPAD5w87
X-Received: by 2002:ac2:5111:: with SMTP id q17mr1040917lfb.51.1583302968103;
Tue, 03 Mar 2020 22:22:48 -0800 (PST)
X-Google-Smtp-Source: ADFU+vsT13eL0ADW5CAwklf1zcJ98B2HZaFanXBXxY0jbXEFXhv+au/QNHRxeqfdOLoRHRmrxAIGZbvRckX7KgSDKXo=
X-Received: by 2002:ac2:5111:: with SMTP id q17mr1040899lfb.51.1583302967561;
Tue, 03 Mar 2020 22:22:47 -0800 (PST)
MIME-Version: 1.0
From: Karl-Johan Alm <karljohan-alm@garage.co.jp>
Date: Wed, 4 Mar 2020 15:23:53 +0900
Message-ID: <CALJw2w4ENV3y3Ufu=YRquDNwvQnewcwGHOe1njw8-ztNXJF-XQ@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Subject: [bitcoin-dev] RFC: Kicking BIP-322 (message signing) into motion
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Mar 2020 06:31:43 -0000
Hello,
I noticed recently that a PR to Bitcoin Core that pretty much touched
everything my BIP-322 pull request touches (around the same
complexity) was merged without a thought given to BIP-322
compatibility, despite the BIP-322 PR being open for 2x the time. I
can only conclude from this that people dislike BIP-322 in its current
form, which the 9 month old pull request stagnating can probably
attest to.
There are several things that I can do to make this a bit more
appealing to people, which would hopefully kick the progress on this
forward. I have already put in a non-trivial amount of energy and
effort into maintaining the pull request as is, so I'd prefer if
people were harsh and unfiltered in their criticism rather than polite
and buffered, so I can beat this thing into shape (or abandon it, in
the worst case).
=============
1. People use signmessage as a way to prove funds. This is misleading
and should be discouraged; throw the sign message stuff out and
replace it entirely with a prove funds system.
I know in particular luke-jr is of this opinion, and Greg Maxwell in
https://github.com/bitcoin/bitcoin/pull/16440#issuecomment-568194168
leans towards this opinion as well, it seems.
=============
2. Use a transaction rather than a new format; make the first input's
txid the message hash to ensure the tx cannot be broadcasted. This has
the benefit of being able to provide to an existing hardware wallet
without making any modifications to its firmware.
I think Mark Friedenbach and Johnson Lau are of this opinion, except
Johnson Lau also suggests that the signature hash is modified, see
https://github.com/bitcoin/bips/pull/725#issuecomment-420040430 --
which defeats the benefit above since now hw wallets can no longer
sign.
Prusnak (I think he works at Trezor; apologies if I am mistaken) is
against this idea, and proposes (3) below:
https://github.com/bitcoin/bips/pull/725#issuecomment-420210488
=============
3. Use Trezor style
See https://github.com/trezor/trezor-mcu/issues/169
This has the benefit of already being adopted (which clearly BIP-322
is failing hard at right now), but has the drawback that we can no
longer do *generic* signing; we are stuck with the exact same
limitations as in the legacy system, which we kinda wanted to fix in
the updated version.
=============
4. Introduce OP_MESSAGEONLY
Quoting Johnson Lau at
https://github.com/bitcoin/bips/pull/725#issuecomment-420421058 :
"""
OP_MESSAGEONLY means the script following the code would never be
valid. For example, a scriptPubKey:
OP_IF OP_MESSAGEONLY <key_m> OP_ELSE <key_s> OP_ENDIF OP_CHECKSIG
For messaging purpose, OP_MESSAGEONLY is considered as OP_NOP and is
ignored. A message could be signed with either key_m or key_s.
For spending, only key_s is valid.
I don't think it is a big problem to consume a op_code. If this is a
real concern, I could modify it as follow: in message system,
OP_RETURN will pop the top stack. If top stack is msg in hex, it is
ignored. Otherwise, the script fails.
"""
=============
5. Some other solution
|
