š
Original date posted:2016-12-23
š Original message:The following won't be directly applicable to your question without some
kind of tremendous hacking on your part: but in cryptography there is
actually a way to sign a message using only hash functions.
If you're interested look up the definition for "Lamport Signatures." It's
an algorithm for masking the bits of a message by exchanging a table of
hashes prior to signing and then revealing the "secrets" behind said hashes
in such a way that you can selectively mask the bits of the message hash
that you're wishing to sign.
It's actually a really cool algorithm and probably the most elegant thing
I've ever seen in the way of digital signatures - and besides just being
something that's really cool: Lamport Signatures have the advantage of
being quantum safe too (if you care about that kind of thing.)
To actually answer your question indirectly: you would use a consensus
system that understands Lamport signature operations in the "scriptPubKey"
(Ethereum could probably do this now.) And note that as Nick ODell has
already said: using the hashes alone in this scheme won't work since the
moment you publish the transactions with said hash secrets anyone is then
free to pluck out those values and double spend the original transaction to
a new destination (and this is actually the reason why Peter Todd's
proof-of-hash collision scheme in Bitcoin is insecure but still allows us
to incentivize whether or not there may be a flaw with the recent SHA
algorithms.)
Regarding hash protected M of N multi-sig: there is already a similar smart
contract algorithm called "atomic cross-chain contracts" that relies on
hash values to be released as part of the protocol to swap coins across
blockchains but said algorithm also uses ECDSA public keys to prevent the
transactions from being double-spent. So in Bitcoin Multi-sig using hash
values will work - though you still need to include an ECDSA pub key to
protect them from attackers on the network.
(I hope this helps. You didn't say much about the intended use-case for
this.)
On Fri, Dec 23, 2016 at 4:29 AM, Andrew via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> Hi
>
> Is there a worked out scriptPubKey for doing multisig with just hashes
> of the participants? I think it is doable and it is more secure to a
> compromised ECDSA. I'm thinking something like this for the
> scriptPubKey:
> 2 OP_SWAP OP_SWAP OP_SWAP OP_DUP OP_HASH160 <pubKeyHash1>
> OP_EQUALVERIFY OP_DUP OP_HASH160 <pubKeyHash2> OP_EQUALVERIFY OP_DUP
> OP_HASH160 <pubKeyHash3> OP_EQUALVERIFY 3 OP_CHECKMULTISIG
>
> and <sigs><pubkeys> for the scriptSig
>
> Can anyone confirm or send me a link to the worked out script?
>
> Thanks
>
> --
> PGP: B6AC 822C 451D 6304 6A28 49E9 7DB7 011C D53B 5647
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20161224/1926b5e7/attachment.html>;
Matthew Roberts [ARCHIVE] /
npub12fā¦k0jt6
2023-06-07 17:55:02
in reply to nevent1qā¦4cc0
Author Public Key
npub12ftsvulestm9ztkjkgkl7cfurm6u6dau835evhcs3jwxyctn4y6qsk0jt6Seen on
wss://relay.nostr.bandPublished at
2023-06-07 17:55:02Event JSON
{
"id": "f1886b3b6c98cdb36f860f434c0cec43d650304c4c1e3a876cec04d1fe5afdf9",
"pubkey": "52570673f982f6512ed2b22dff613c1ef5cd37bc3c69965f108c9c626173a934",
"created_at": 1686160502,
"kind": 1,
"tags": [
[
"e",
"f9f1981bc1fd27c1193c617c13c87679227d52718c27bf55a35ec8757f453b54",
"",
"root"
],
[
"e",
"bad5278e11b9a335dbb1b273953470d0ac2056a66253a8d2f7c85696e87ed81b",
"",
"reply"
],
[
"p",
"2a9b7d3423041901b738be6b1d40a6e4dd3f9041e7a5fa4a2d3c662d296814c7"
]
],
"content": "š
Original date posted:2016-12-23\nš Original message:The following won't be directly applicable to your question without some\nkind of tremendous hacking on your part: but in cryptography there is\nactually a way to sign a message using only hash functions.\n\nIf you're interested look up the definition for \"Lamport Signatures.\" It's\nan algorithm for masking the bits of a message by exchanging a table of\nhashes prior to signing and then revealing the \"secrets\" behind said hashes\nin such a way that you can selectively mask the bits of the message hash\nthat you're wishing to sign.\n\nIt's actually a really cool algorithm and probably the most elegant thing\nI've ever seen in the way of digital signatures - and besides just being\nsomething that's really cool: Lamport Signatures have the advantage of\nbeing quantum safe too (if you care about that kind of thing.)\n\nTo actually answer your question indirectly: you would use a consensus\nsystem that understands Lamport signature operations in the \"scriptPubKey\"\n(Ethereum could probably do this now.) And note that as Nick ODell has\nalready said: using the hashes alone in this scheme won't work since the\nmoment you publish the transactions with said hash secrets anyone is then\nfree to pluck out those values and double spend the original transaction to\na new destination (and this is actually the reason why Peter Todd's\nproof-of-hash collision scheme in Bitcoin is insecure but still allows us\nto incentivize whether or not there may be a flaw with the recent SHA\nalgorithms.)\n\nRegarding hash protected M of N multi-sig: there is already a similar smart\ncontract algorithm called \"atomic cross-chain contracts\" that relies on\nhash values to be released as part of the protocol to swap coins across\nblockchains but said algorithm also uses ECDSA public keys to prevent the\ntransactions from being double-spent. So in Bitcoin Multi-sig using hash\nvalues will work - though you still need to include an ECDSA pub key to\nprotect them from attackers on the network.\n\n(I hope this helps. You didn't say much about the intended use-case for\nthis.)\n\nOn Fri, Dec 23, 2016 at 4:29 AM, Andrew via bitcoin-dev \u003c\nbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\n\u003e Hi\n\u003e\n\u003e Is there a worked out scriptPubKey for doing multisig with just hashes\n\u003e of the participants? I think it is doable and it is more secure to a\n\u003e compromised ECDSA. I'm thinking something like this for the\n\u003e scriptPubKey:\n\u003e 2 OP_SWAP OP_SWAP OP_SWAP OP_DUP OP_HASH160 \u003cpubKeyHash1\u003e\n\u003e OP_EQUALVERIFY OP_DUP OP_HASH160 \u003cpubKeyHash2\u003e OP_EQUALVERIFY OP_DUP\n\u003e OP_HASH160 \u003cpubKeyHash3\u003e OP_EQUALVERIFY 3 OP_CHECKMULTISIG\n\u003e\n\u003e and \u003csigs\u003e\u003cpubkeys\u003e for the scriptSig\n\u003e\n\u003e Can anyone confirm or send me a link to the worked out script?\n\u003e\n\u003e Thanks\n\u003e\n\u003e --\n\u003e PGP: B6AC 822C 451D 6304 6A28 49E9 7DB7 011C D53B 5647\n\u003e _______________________________________________\n\u003e bitcoin-dev mailing list\n\u003e bitcoin-dev at lists.linuxfoundation.org\n\u003e https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20161224/1926b5e7/attachment.html\u003e",
"sig": "6c6f5febbc61cebc972523e3a3bc9f4a04f98b9a68e24c9d9392479c7b4778dceefc97136abca890d1f1b835132480170de1dcd241c3024764c168d114de4af4"
}