📅 Original date posted:2018-03-14
📝 Original message:I don't see a need for a new RPC interface, just a new signature format.
Ideally, it should support not only just "proof I receive at this address",
but also "proof of funds" (as a separate feature) since this is a popular
misuse of the current message signing (which doesn't actually prove funds at
all). To do this, it needs to be capable of signing for multiple inputs.
Preferably, it should also avoid disclosing the public key for existing or
future UTXOs. But I don't think it's possible to avoid this without something
MAST-like first. Perhaps it can be a MAST upgrade later on, but the new
signature scheme should probably be designed with it in mind.
Luke
On Wednesday 14 March 2018 8:09:20 AM Karl Johan Alm via bitcoin-dev wrote:
> Hello,
>
> I am considering writing a replacement for the message signing tools
> that are currently broken for all but the legacy 1xx addresses. The
> approach (suggested by Pieter Wuille) is to do a script based
> approach. This does not seem to require a lot of effort for
> implementing in Bitcoin Core*. Below is my proposal for this system:
>
> A new structure SignatureProof is added, which is a simple scriptSig &
> witnessProgram container that can be serialized. This is passed out
> from/into the signer/verifier.
>
> RPC commands:
>
> sign <address> <message> [<prehashed>=false]
>
> Generates a signature proof for <message> using the same method that
> would be used to spend coins sent to <address>.**
>
> verify <address> <message> <proof> [<prehashed>=false]
>
> Deserializes and executes the proof using a custom signature checker
> whose sighash is derived from <message>. Returns true if the check
> succeeds, and false otherwise. The scriptPubKey is derived directly
> from <address>.**
>
> Feedback welcome.
>
> -Kalle.
>
> (*) Looks like you can simply use VerifyScript with a new signature
> checker class. (h/t Nicolas Dorier)
> (**) If <prehashed> is true, <message> is the sighash, otherwise
> sighash=sha256d(message).
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Luke Dashjr [ARCHIVE] /
npub1tf…rfq0n
2023-06-07 18:11:13
in reply to nevent1q…nwfx
Author Public Key
npub1tfk373zg9dnmtvxnpnq7s2dkdgj37rwfj3yrwld7830qltmv8qps8rfq0nSeen on
wss://relay.noswhere.comPublished at
2023-06-07 18:11:13Event JSON
{
"id": "d06239552d6b88a20d53f377dcfc6c3221a1e654ebc003234d91a7ae8cd1d3f0",
"pubkey": "5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803",
"created_at": 1686161473,
"kind": 1,
"tags": [
[
"e",
"fde6d8b8cd384fa838810364bd9a6edd18aea9246ae8127a644187087642ae18",
"",
"root"
],
[
"e",
"e36b50c558594bdcd14a516619ff3584b7cd8a1d67f1ecc75107a2df507d9612",
"",
"reply"
],
[
"p",
"9e2723f47c6c16d3093735bd6acdc8b0dd1b91c78216f7001bdd2f7562b69ed1"
]
],
"content": "📅 Original date posted:2018-03-14\n📝 Original message:I don't see a need for a new RPC interface, just a new signature format.\n\nIdeally, it should support not only just \"proof I receive at this address\", \nbut also \"proof of funds\" (as a separate feature) since this is a popular \nmisuse of the current message signing (which doesn't actually prove funds at \nall). To do this, it needs to be capable of signing for multiple inputs.\n\nPreferably, it should also avoid disclosing the public key for existing or \nfuture UTXOs. But I don't think it's possible to avoid this without something \nMAST-like first. Perhaps it can be a MAST upgrade later on, but the new \nsignature scheme should probably be designed with it in mind.\n\nLuke\n\n\nOn Wednesday 14 March 2018 8:09:20 AM Karl Johan Alm via bitcoin-dev wrote:\n\u003e Hello,\n\u003e \n\u003e I am considering writing a replacement for the message signing tools\n\u003e that are currently broken for all but the legacy 1xx addresses. The\n\u003e approach (suggested by Pieter Wuille) is to do a script based\n\u003e approach. This does not seem to require a lot of effort for\n\u003e implementing in Bitcoin Core*. Below is my proposal for this system:\n\u003e \n\u003e A new structure SignatureProof is added, which is a simple scriptSig \u0026\n\u003e witnessProgram container that can be serialized. This is passed out\n\u003e from/into the signer/verifier.\n\u003e \n\u003e RPC commands:\n\u003e \n\u003e sign \u003caddress\u003e \u003cmessage\u003e [\u003cprehashed\u003e=false]\n\u003e \n\u003e Generates a signature proof for \u003cmessage\u003e using the same method that\n\u003e would be used to spend coins sent to \u003caddress\u003e.**\n\u003e \n\u003e verify \u003caddress\u003e \u003cmessage\u003e \u003cproof\u003e [\u003cprehashed\u003e=false]\n\u003e \n\u003e Deserializes and executes the proof using a custom signature checker\n\u003e whose sighash is derived from \u003cmessage\u003e. Returns true if the check\n\u003e succeeds, and false otherwise. The scriptPubKey is derived directly\n\u003e from \u003caddress\u003e.**\n\u003e \n\u003e Feedback welcome.\n\u003e \n\u003e -Kalle.\n\u003e \n\u003e (*) Looks like you can simply use VerifyScript with a new signature\n\u003e checker class. (h/t Nicolas Dorier)\n\u003e (**) If \u003cprehashed\u003e is true, \u003cmessage\u003e is the sighash, otherwise\n\u003e sighash=sha256d(message).\n\u003e _______________________________________________\n\u003e bitcoin-dev mailing list\n\u003e bitcoin-dev at lists.linuxfoundation.org\n\u003e https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev",
"sig": "2a96ba30fdca4f8436c888652087b72d073d9ef7caa8f9427abb520ffe8eeb2a958c69040b19af63fa2d7a57be6e712832f4c79113ff798b25b363f57888e359"
}