2024-03-31 16:29:41

arbedout on Nostr:

Reposted from Xitter:

Bear markets are for building, bull markets are for... beta testing?

I've been working on an automated multisig key agent I'm calling Sigbash (website: https://sigbash.com - use code BETATEST if you want to help kick the tires on it).

Sigbash implements browser-side xpub blinding, which is a fancy way of saying that, from the time a user is issued a key, right up until the key agent is asked to sign a transaction, the key agent *doesn't actually know anything about the key it issued*.

This means that if the signing server is ever compromised or a bad actor somehow gets a hold of the seed phrase, they won't be able to discover anything about what it protects (!)

Quick 🧵 below:

Techie mumbo jumbo: when a user requests an xpub, Sigbash sends one to the client browser, and then on the client the WebCrypto API is used to choose a random derivation path to generate a new child xpub. A SHA256 hash of this xpub is sent to the Sigbash server; the hash is the only information the server has about the key until a request is made to sign a PSBT.

When it's time to sign, the user submits the PSBT along with their xpub; the signing server takes the SHA256 hash of the submitted xpub and checks whether there's a record of it, and if so returns a signed PSBT.
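The blinding round trip just described, as an added example in Python (not Sigbash's own code): a tiny secp256k1/BIP32 routine stands in for the browser's WebCrypto and a real wallet library, the "xpub" is modelled as its raw (public key, chain code) pair rather than a base58 string, and the derivation path is assumed to be revealed to the signer together with the PSBT at signing time.

```python
import hashlib, hmac, secrets

# secp256k1 parameters plus minimal affine arithmetic (enough for BIP32 CKD)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    l = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (l * l - a[0] - b[0]) % P
    return (x, (l * (a[0] - x) - a[1]) % P)

def _mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        r, pt, k = (_add(r, pt) if k & 1 else r), _add(pt, pt), k >> 1
    return r

def ser_p(pt):  # SEC1 compressed point encoding
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")
def ckd(key, chain, i, priv=False):
    """BIP32 non-hardened child derivation; key is a point (pub) or an int (priv)."""
    pub = _mul(key, G) if priv else key
    I = hmac.new(chain, ser_p(pub) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    return ((il + key) % N if priv else _add(_mul(il, G), key)), I[32:]

def xpub_hash(key, chain):  # the only thing the server keeps about a key
    return hashlib.sha256(ser_p(key) + chain).hexdigest()
def server_master(seed):  # server side: master private key and chain code
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big"), I[32:]

def client_blind(key, chain, depth=4):
    """Browser side: random non-hardened path (secrets stands in for WebCrypto)."""
    path = [secrets.randbelow(2**31) for _ in range(depth)]
    for i in path:
        key, chain = ckd(key, chain, i)
    return (key, chain), path, xpub_hash(key, chain)

def server_check(master, records, xpub, path):
    """Signing time: look up the hash, re-derive along the client-revealed path
    (assumed to travel with the PSBT) and confirm it matches; PSBT signing omitted."""
    k, c = master
    for i in path:
        k, c = ckd(k, c, i, priv=True)
    h = xpub_hash(*xpub)
    return records[h] if h in records and (_mul(k, G), c) == xpub else None
```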

Instead of having a human in the loop to confirm a signing request, a user can instead attach signing conditions to a key when it's issued, e.g. "sign transactions submitted with this key immediately", or "only sign after a certain date", or "only after a certain block height"

along with

"sign only if this Bitcoin address has a balance greater or less than a certain number of satoshis"

or

"sign only if the global network hashrate is greater or less than a certain number of Terahash",

or

"sign only if the BTC/USD exchange rate is above or below a certain number"

I've tried to square the circle of making this as private as a multisig key agent can be while still being supported by as much of today's wallet software as possible - there are no trackers on the site, no accounts to set up or email addresses that can be harvested, no credit cards to bill (thanks @BtcpayServer !), and it's available over Tor to avoid leaking your IP address.

There's absolutely more that can be done here with e.g. Taproot key paths, Musig2, hopefully even OP_CHECKSIGFROMSTACK one day - but for now I wanted to focus on the existing wallet ecosystem ("meet your users where they are" and all that).

Instead of implementing some sort of slashing mechanism or fidelity bonds to ensure the signer doesn't go rogue, Sigbash makes use of what Mircea Popescu would have called a 'GPG contract' (https://nakamotoinstitute.org/mempool/gpg-contracts) - every xpub purchased comes with a PGP signed receipt that includes the hash, the signing conditions and an OpenTimestamp file attesting to when it was created. If the signer either fails to sign when it should (or signs when it shouldn't), users can post the receipt and effectively burn the key agent's reputation.

If you want to give it a try:

a) check the FAQ at https://sigbash.com and in particular the compatibility chart - not all wallets support non-standard derivation paths! and

b) use the checkout code BETATEST to get a free xpub to play with - which I plan on disabling in a few weeks when the halving comes, just as a heads up ;)

Thanks to everyone who helped to test this over the past few months, I couldn't have done it without you. A very special thanks to @Rob1Ham and @SahilCO for their early feedback and uncovering the nastiest of bugs, and @mflaxman for coming up with the idea for blinded xpubs back in 2020 (https://github.com/mflaxman/blind-xpub)

Back to your regularly scheduled shitposting ASAP, I promise :)
Author Public Key
npub15elf37hn9ujjptjhfkzzvff5u7u5vfwwp48pffgvjl3k9srtwu8qcayswk