📅 Original date posted:2011-08-24
🗒️ Summary of this message: The fastest way to secure Bitcoin wallets is through multi-signature transactions, but there are concerns about the size of new Bitcoin addresses and compatibility with old clients. However, it may be worth forking the chain to implement this feature.
📝 Original message:On Wed, Aug 24, 2011 at 11:12 AM, Gavin Andresen
<gavinandresen at gmail.com> wrote:
> It seems to me the fastest path to very secure, very-hard-to-lose
> bitcoin wallets is multi-signature transactions.
>
> To organize this discussion: first, does everybody agree?
It's a good tool which we should have in our tool-belt.
Though it's a bit of when you are a hammer all problems are nails.
This issue can also be addressed by things like external private key
protectors. But someone would have to build one.
Someone might be more inclined to build such a thing if the software
had good support for tracking public keys without private keys, and
generating unsigned transactions for export to the device for signing.
> ByteCoin pointed to a research paper that gives a scheme for splitting
> a private key between two people, neither of which every knows the
[snip]
> So I'm assuming that is NOT the fastest way to solving the problem.
Regardless, it might be useful to contact the authors.
> I still think it is a good idea to enable a set of new 'standard'
> multisignature transactions, so they get relayed and included into
> blocks. I don't want to let "the perfect become the enemy of the
> good" -- does anybody disagree?
I agree.
> The arguments against are that if the proposed standard transactions
> are accepted, then the next step is to define a new kind of bitcoin
> address that lets coins be deposited into a multisignature-protected
> wallet.
>
> And those new as-yet-undefined bitcoin addresses will have to be 2 or
> 3 times as big as current bitcoin addresses, and will be incompatible
> with old clients.
>
> So, if we are going to have new releases that are incompatible with
> old clients why not do things right in the first place, implement or
> enable opcodes so the new bitcoin addresses can be small, and schedule
> a block chain split for N months from now.
One way of doing this would be to have an address which hashes an
ordered concatenation of many addresses (perhaps plus a length
argument). To redeem you provide the public keys which are signing,
plus the addresses which aren't signing, and the receiver validates.
If it can be done, then yes, I agree it would be worth forking the chain.
This _feels_ like something which could and should be done with the
existing (but disabled opcodes).
It's not exclusive, however, with a long N-address address type for
multisig destinations. We could support that _now_ and defer the
'compressed version' until after people have experience with this
usage. The only cost would be supporting this address type forever,
which isn't that bad.
It's also important to note that incompatibility wouldn't be complete:
The only limit is that old clients couldn't send funds to escrow
addresses— which is an issue no matter how you encode the information.
Gregory Maxwell [ARCHIVE] /
npub1f2…crwet
2023-06-07 02:17:44
in reply to nevent1q…lv7z
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwetPublished at
2023-06-07 02:17:44Event JSON
{
"id": "da9c509ffd96af86c20edfdff798552382e6a6af7802c3561a750cf80a869cee",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686104264,
"kind": 1,
"tags": [
[
"e",
"391ebcb8eb3f9b5884cfbf66f4a99b12c015cc93baa9452c114d68f52d1168ec",
"",
"root"
],
[
"e",
"f292e6443f984a4fb7fe39a747ba298858420ed123dae48f7adf145c394193c6",
"",
"reply"
],
[
"p",
"308e0d1efb1707ac6b92cd0b19c304882b3919f4bd59336c4a718c159bdcf63b"
]
],
"content": "📅 Original date posted:2011-08-24\n🗒️ Summary of this message: The fastest way to secure Bitcoin wallets is through multi-signature transactions, but there are concerns about the size of new Bitcoin addresses and compatibility with old clients. However, it may be worth forking the chain to implement this feature.\n📝 Original message:On Wed, Aug 24, 2011 at 11:12 AM, Gavin Andresen\n\u003cgavinandresen at gmail.com\u003e wrote:\n\u003e It seems to me the fastest path to very secure, very-hard-to-lose\n\u003e bitcoin wallets is multi-signature transactions.\n\u003e\n\u003e To organize this discussion: first, does everybody agree?\n\nIt's a good tool which we should have in our tool-belt.\n\nThough it's a bit of when you are a hammer all problems are nails.\nThis issue can also be addressed by things like external private key\nprotectors. But someone would have to build one.\n\nSomeone might be more inclined to build such a thing if the software\nhad good support for tracking public keys without private keys, and\ngenerating unsigned transactions for export to the device for signing.\n\n\u003e ByteCoin pointed to a research paper that gives a scheme for splitting\n\u003e a private key between two people, neither of which every knows the\n[snip]\n\u003e So I'm assuming that is NOT the fastest way to solving the problem.\n\nRegardless, it might be useful to contact the authors.\n\n\u003e I still think it is a good idea to enable a set of new 'standard'\n\u003e multisignature transactions, so they get relayed and included into\n\u003e blocks. I don't want to let \"the perfect become the enemy of the\n\u003e good\" -- does anybody disagree?\n\nI agree.\n\n\u003e The arguments against are that if the proposed standard transactions\n\u003e are accepted, then the next step is to define a new kind of bitcoin\n\u003e address that lets coins be deposited into a multisignature-protected\n\u003e wallet.\n\u003e\n\u003e And those new as-yet-undefined bitcoin addresses will have to be 2 or\n\u003e 3 times as big as current bitcoin addresses, and will be incompatible\n\u003e with old clients.\n\u003e\n\u003e So, if we are going to have new releases that are incompatible with\n\u003e old clients why not do things right in the first place, implement or\n\u003e enable opcodes so the new bitcoin addresses can be small, and schedule\n\u003e a block chain split for N months from now.\n\nOne way of doing this would be to have an address which hashes an\nordered concatenation of many addresses (perhaps plus a length\nargument). To redeem you provide the public keys which are signing,\nplus the addresses which aren't signing, and the receiver validates.\n\nIf it can be done, then yes, I agree it would be worth forking the chain.\n\nThis _feels_ like something which could and should be done with the\nexisting (but disabled opcodes).\n\n\nIt's not exclusive, however, with a long N-address address type for\nmultisig destinations. We could support that _now_ and defer the\n'compressed version' until after people have experience with this\nusage. The only cost would be supporting this address type forever,\nwhich isn't that bad.\n\nIt's also important to note that incompatibility wouldn't be complete:\nThe only limit is that old clients couldn't send funds to escrow\naddresses— which is an issue no matter how you encode the information.",
"sig": "47e5854778a18abc959e65949756e68ce1d90d280e528c35a7a4d4e04c00e9553b598f5c2c5f756a85403ac9331cf71118e791fa337ffd931c1509665eb6a609"
}