Discussion:
Sign / Verify message against SegWit P2SH addresses.
Dan Bryant via bitcoin-dev
2017-12-08 18:25:47 UTC
I know there are posts, and an issue opened against it, but is there anyone
writing a BIP for Sign / Verify message against a SegWit address?

I realize it is not a feature in wide use, but I think it still serves an
important purpose, such as when proof of assets is requested.

ref: https://github.com/bitcoin/bitcoin/issues/10542
Sjors Provoost via bitcoin-dev
2017-12-09 12:57:52 UTC
I would like to see this specifically for P2SH-P2WPKH and/or native SegWit bech32 addresses.

Use cases I can think of are "I'm the whale in charge of these funds, listen to me" and some form of polling.

It's nice if funds aren't excluded from these types of functionality just because they have a complicated redeem script. So something more generic like the Elements implementation / suggestion Greg Maxwell referred to in the GitHub thread would be nice too.

Is it also useful or possible to sign a message proving you are able to redeem some arbitrary branch in a MAST-like tree of scripts? What about being a minority part of a multisig?

All these features have privacy trade-offs, as well as perhaps security trade-offs, e.g. when you reveal a public key that was otherwise hidden behind a hash (i.e. if someone were to break secp256k1, they'd first organize a popular poll).

There's no BIP for the current message signing mechanism either afaik.

Sjors

> On 8 Dec 2017, at 19:25, Dan Bryant via bitcoin-dev <bitcoin-***@lists.linuxfoundation.org> wrote:
>
> I know there are posts, and an issue opened against it, but is there anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> I realize it is not a feature in wide use, but I think it still serves an important purpose, such as when proof of assets is requested.
>
> ref: https://github.com/bitcoin/bitcoin/issues/10542
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-***@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Pavol Rusnak via bitcoin-dev
2017-12-19 21:36:45 UTC
On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> I know there are posts, and an issue opened against it, but is there
> anyone writing a BIP for Sign / Verify message against a SegWit address?

Dan, are you still planning to write this BIP?

--
Best Regards / S pozdravom,

Pavol "stick" Rusnak
CTO, SatoshiLabs
Mark Friedenbach via bitcoin-dev
2017-12-19 21:58:40 UTC
For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things:

(1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold.

(2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and

(3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins.

There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script.

Mark

> On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-***@lists.linuxfoundation.org> wrote:
>
> On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
>> I know there are posts, and an issue opened against it, but is there
>> anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> Dan, are you still planning to write this BIP?
>
> --
> Best Regards / S pozdravom,
>
> Pavol "stick" Rusnak
> CTO, SatoshiLabs
Damian Williamson via bitcoin-dev
2017-12-21 11:19:52 UTC
In all seriousness, being able to sign a message is an important feature whether it is with Bitcoin Core or with some other method. It is a good feature and it would be worthwhile IMHO to update it for SegWit addresses. I don't know about renewing it altogether, I like the current simplicity.


Regards,

Damian Williamson


------------------------------------

Sometimes I like to sign a message just to verify that is what I have said.

-

Bitcoin: 1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg

------------------------------------

Signature:
HwJPqyWF0CbdsR7x737HbNIDoRufsrMI5XYQsKZ+MrWCJ6K7imtLY00sTCmSMDigZxRuoxyYZyQUw/lL0m/MV9M=

(Of course, signed messages will verify better usually with plain text and not HTML interpreted email - need a switch for outlook.com to send plaintext.)
________________________________
From: bitcoin-dev-***@lists.linuxfoundation.org <bitcoin-dev-***@lists.linuxfoundation.org> on behalf of Mark Friedenbach via bitcoin-dev <bitcoin-***@lists.linuxfoundation.org>
Sent: Wednesday, 20 December 2017 8:58 AM
To: Pavol Rusnak; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.

For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things:

(1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold.

(2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and

(3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins.

There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script.

Mark

> On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-***@lists.linuxfoundation.org> wrote:
>
> On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
>> I know there are posts, and an issue opened against it, but is there
>> anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> Dan, are you still planning to write this BIP?
>
> --
> Best Regards / S pozdravom,
>
> Pavol "stick" Rusnak
> CTO, SatoshiLabs
Mark Friedenbach via bitcoin-dev
2017-12-21 16:29:13 UTC
It doesn’t matter what it does under the hood. The API could be the same.

> On Dec 21, 2017, at 3:19 AM, Damian Williamson via bitcoin-dev <bitcoin-***@lists.linuxfoundation.org> wrote:
>
> In all seriousness, being able to sign a message is an important feature whether it is with Bitcoin Core or with some other method. It is a good feature and it would be worthwhile IMHO to update it for SegWit addresses. I don't know about renewing it altogether, I like the current simplicity.
>
> Regards,
> Damian Williamson
>
> ------------------------------------
> Sometimes I like to sign a message just to verify that is what I have said.
> -
> Bitcoin: 1PMUf9aaQ41M4bgVbCAPVwAeuKvj8CwxJg
> ------------------------------------
> Signature:
> HwJPqyWF0CbdsR7x737HbNIDoRufsrMI5XYQsKZ+MrWCJ6K7imtLY00sTCmSMDigZxRuoxyYZyQUw/lL0m/MV9M=
>
> (Of course, signed messages will verify better usually with plain text and not HTML interpreted email - need a switch for outlook.com to send plaintext.)
> From: bitcoin-dev-***@lists.linuxfoundation.org <bitcoin-dev-***@lists.linuxfoundation.org> on behalf of Mark Friedenbach via bitcoin-dev <bitcoin-***@lists.linuxfoundation.org>
> Sent: Wednesday, 20 December 2017 8:58 AM
> To: Pavol Rusnak; Bitcoin Protocol Discussion
> Subject: Re: [bitcoin-dev] Sign / Verify message against SegWit P2SH addresses.
>
> For what it’s worth, I think it would be quite easy to do better than the implied solution of rejiggering the message signing system to support non-P2PKH scripts. Instead, have the signature be an actual bitcoin transaction with inputs that have the script being signed. Use the salted hash of the message being signed as the FORKID as if this were a spin-off with replay protection. This accomplishes three things:
>
> (1) This enables signing by any infrastructure out there — including hardware wallets and 2FA signing services — that have enabled support for FORKID signing, which is a wide swath of the ecosystem because of Bitcoin Cash and Bitcoin Gold.
>
> (2) It generalizes the message signing to allow multi-party signing setups as complicated (via sighash, etc.) as those bitcoin transactions allow, using existing and future tools based on Partially Signed Bitcoin Transactions; and
>
> (3) It unifies a single approach for message signing, proof of reserve (where the inputs are actual UTXOs), and off-chain colored coins.
>
> There’s the issue of size efficiency, but for the single-party message signing application that can be handled by a BIP that specifies a template for constructing the pseudo-transaction and its inputs from a raw script.
>
> Mark
>
> > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <bitcoin-***@lists.linuxfoundation.org> wrote:
> >
> > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> >> I know there are posts, and an issue opened against it, but is there
> >> anyone writing a BIP for Sign / Verify message against a SegWit address?
> >
> > Dan, are you still planning to write this BIP?
> >
> > --
> > Best Regards / S pozdravom,
> >
> > Pavol "stick" Rusnak
> > CTO, SatoshiLabs
Jason Dreyzehner via bitcoin-dev
2017-12-21 17:23:49 UTC
You might be interested in this proposal, which is very similar. The repo
contains a very basic implementation in typescript:
https://github.com/bitauth/bitauth2017/blob/master/bips/0-bitauth.mediawiki

https://github.com/bitauth/bitauth2017/

On Tue, Dec 19, 2017 at 4:59 PM Mark Friedenbach via bitcoin-dev <
bitcoin-***@lists.linuxfoundation.org> wrote:

> For what it’s worth, I think it would be quite easy to do better than the
> implied solution of rejiggering the message signing system to support
> non-P2PKH scripts. Instead, have the signature be an actual bitcoin
> transaction with inputs that have the script being signed. Use the salted
> hash of the message being signed as the FORKID as if this were a spin-off
> with replay protection. This accomplishes three things:
>
> (1) This enables signing by any infrastructure out there — including
> hardware wallets and 2FA signing services — that have enabled support for
> FORKID signing, which is a wide swath of the ecosystem because of Bitcoin
> Cash and Bitcoin Gold.
>
> (2) It generalizes the message signing to allow multi-party signing setups
> as complicated (via sighash, etc.) as those bitcoin transactions allow,
> using existing and future tools based on Partially Signed Bitcoin
> Transactions; and
>
> (3) It unifies a single approach for message signing, proof of reserve
> (where the inputs are actual UTXOs), and off-chain colored coins.
>
> There’s the issue of size efficiency, but for the single-party message
> signing application that can be handled by a BIP that specifies a template
> for constructing the pseudo-transaction and its inputs from a raw script.
>
> Mark
>
> > On Dec 19, 2017, at 1:36 PM, Pavol Rusnak via bitcoin-dev <
> bitcoin-***@lists.linuxfoundation.org> wrote:
> >
> > On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> >> I know there are posts, and an issue opened against it, but is there
> >> anyone writing a BIP for Sign / Verify message against a SegWit address?
> >
> > Dan, are you still planning to write this BIP?
> >
> > --
> > Best Regards / S pozdravom,
> >
> > Pavol "stick" Rusnak
> > CTO, SatoshiLabs
Dan Bryant via bitcoin-dev
2017-12-21 22:22:58 UTC
legacy message sign verify BIP to get the ball rolling.

early draft:
https://github.com/brianddk/bips/blob/legacysignverify/bip-0xyz.mediawiki

On Tue, Dec 19, 2017 at 3:36 PM, Pavol Rusnak <***@satoshilabs.com> wrote:

> On 08/12/17 19:25, Dan Bryant via bitcoin-dev wrote:
> > I know there are posts, and an issue opened against it, but is there
> > anyone writing a BIP for Sign / Verify message against a SegWit address?
>
> Dan, are you still planning to write this BIP?
>
> --
> Best Regards / S pozdravom,
>
> Pavol "stick" Rusnak
> CTO, SatoshiLabs
>