Re: [bitcoin-dev] [BIP Proposal] Partially Signed Bitcoin Transaction (PSBT) format

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Jochen Hoenicke <hoenicke@gmail•com>
To: Greg Sanders <gsanders87@gmail•com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] [BIP Proposal] Partially Signed Bitcoin Transaction (PSBT) format
Date: Mon, 21 Aug 2017 23:36:24 +0200	[thread overview]
Message-ID: <5f67d70d-a432-7826-22df-4207580aa1d2@gmail.com> (raw)
In-Reply-To: <CAB3F3Dv1kuJdu8veNUHa4b58TvWy=BT6zfxdhqEPBQ8rjDfWtA@mail.gmail.com>

On 21.08.2017 20:12, Greg Sanders via bitcoin-dev wrote:
> To fix this I consulted with andytoshi and got something we think works
> for both cases:
> 
> 1) When a signing device receives a partially signed transaction, all
> inputs must come with a ownership proof:
> - For the input at address A, a signature over H(A || x) using the key
> for A. 'x' is some private fixed key that only the signing device
> knows(most likely some privkey along some unique bip32 path).
> - For each input ownership proof, the HW wallet validates each signature
> over the hashed message, then attempts to "decode" the hash by applying
> its own 'x'. If the hash doesn't match, it cannot be its own input.
> - Sign for every input that is yours

Interesting, basically a proof of non-ownership :), a proof that the
hardware wallet doesn't own the address.

But shouldn't x be public, so that the device can verify the signature?
Can you expand on this, what is exactly signed with which key and how is
it checked?

One also has to make sure that it's not possible to reuse signatures as
ownership proof that were made for a different purpose.

  Jochen

next prev parent reply	other threads:[~2017-08-21 21:36 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-18 22:11 Andrew Chow
2017-08-21  0:00 ` Bryan Bishop
2017-08-21 18:12   ` Greg Sanders
2017-08-21 21:36     ` Jochen Hoenicke [this message]
2017-08-22 19:26       ` Greg Sanders

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5f67d70d-a432-7826-22df-4207580aa1d2@gmail.com \
    --to=hoenicke@gmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=gsanders87@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox