On Mon, Oct 5, 2015 at 9:18 AM, Jean-Pierre Rupp <root@haskoin.com> wrote:

Perhaps Pedro wants to also participate in a 2-of-2 cosigning
arrangement with a merchant that will deliver a laptop to him, so Pedro
provides this merchant with the same extended public key derived from
path m/45', and the merchant provides Pedro with his own:

Pedro: xpub456...
ElCheapoPC: xpub987...

Thanks for the explanation. OK, maybe that should be stated on BIP45, but

it was never the idea that you reuse your xpub for different wallet, as I mention

on the original reply. The only implementation of BIP45 I am aware of (Copay),

use completely different xprivs for each wallet.

On 05/10/15 07:57, Matias Alejo Garcia wrote:
>
> Hi,
>
> Sorry the late response. Going back to the original message:
>
>
> > On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:
> >> I have been reviewing BIP-45 today. There is a privacy problem
> with it
> >> that should at least be mentioned in the document.
> >>
> >> When using the same extended public key for all multisig
> activity, and
> >> dealing with different cosigners in separate multisig accounts,
> reuse of
> >> the same set of public keys means that all cosigners from all
> accounts
> >> will be able to monitor multisig activity from every other
> cosigner, in
> >> every other account.
>
>
> I am not completely sure what you mean by 'account' and 'mutisig
> activity'. You seem to imply
> that the same set of extended public keys will be used in more that one
> wallet, which it is
> not required (and certainly not recommended) by BIP45.
>
> According to BIP45, a singing party, in order to generate a wallet
> address, needs the extended public keys of all the other parties, so
> each party will be able to see the transaction history of the wallet
> they are sharing, but if the party has other wallets with other copayers
> the xpub should be completely different.
>
> matías
>
>
>
> --
> BitPay.com

BitPay.com