๐
Original date posted:2015-10-04
๐ Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Jean Pierre,
This is a problem I've considered before, though I have to say I prefer
your solution.
The problem is, how can a person who restores his wallet from just a
seed restore
all his multi-signature addresses with other parties?
Your proposal is nice because all participants are equal, and it
minimalizes the data
required for recovery because it's deterministic, and the (extended)
public key is the first
piece of metadata you'll ask for from others.. Let it be the only thing
we need!
Regards amending BIP45 - BIP's are not amended after the fact, however
bad it may be
in retrospect. It might be best to write a BIP specifying a
"pseudorandom & deterministic
path generation for HD/multi-signature accounts"
TK
On 04/10/15 16:18, Jean-Pierre Rupp via bitcoin-dev wrote:
> I have a possible solution:
>
> Take all public keys encoded in the purpose-specific extended public
> keys (m/45') of all cosigners and sort them lexicographically, according
> to BIP-45. Serialize this information and calculate its HASH160
> (RIPEMD160 โ HASH256). Split the output in five 32-bit chunks, setting
> the MSB on all of them to 0. Use these 32-bit chunks to build a
> derivation path from the purpose-specific extended public keys. Treat
> this derivation path as if it was the purpose-specific extended public
> key in BIP-45.
>
> This scheme will avoid public key sharing, and as long as you share your
> purpose-specific extended public key only with your cosigners, it should
> be relatively hard for a passive observer to link activity between
> different cosigning accounts.
>
> On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:
>> Hello,
>>
>> I have been reviewing BIP-45 today. There is a privacy problem with it
>> that should at least be mentioned in the document.
>>
>> When using the same extended public key for all multisig activity, and
>> dealing with different cosigners in separate multisig accounts, reuse of
>> the same set of public keys means that all cosigners from all accounts
>> will be able to monitor multisig activity from every other cosigner, in
>> every other account.
>>
>> Besides privacy considerations, HD wallet's non-reuse of public keys
>> provide some defence against wallets that do not implement deterministic
>> signing, and use poor entropy for signature nonces.
>>
>> Unless users are expected to establish a single cosigning account, this
>> scheme will result in reuse of public keys, and degradation of privacy.
>>
>> I understand that for convenience it is useful to have a single extended
>> public key that can be handed to every cosigner. This makes setting up
>> accounts or recovering from data loss a easier.
>>
>> I suggest that privacy & potential security degradation due to increased
>> public key reuse in the case of users with multiple multisig accounts
>> should get a mention in the BIP-45 document.
>>
>> Greetings
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
- --
My PGP key can be found here: <https://thomaskerin.io/me.pub.asc>;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJWEWDlAAoJEAiDZR291eTlFAkQALgiiKX+VzLOwLK13S0EcE0v
RZeC8hqS5AEi/wpOYC2H0TFaHhDqDgy7Pt7nTt/vfOr9QFbJm076I/iFIhLPPAWf
rRg5kzL6ebOyX1NLmALcNgE9L+Jwz09kdzLUj+xZesJfu1AiSMgND38vFq4CmRfg
YSnWI4iMSP3OoMO5Akjq7m9Ww/lENPDmxTrz2ET9KwKPEkjrdt3c0ipQcs+/vGuU
RfRCUwxcdu/0nl5JhltxMV6wUMjdJ3AGbamWZpL+vA+jT5paOd4ORjc64huQGtFQ
W7l8ynbbVqtXlYYs9mXCMm70316sdo5ZpOXzQmplwtuHWVYt9ssS1aLkBoLYCBtU
i95Ki79S2ooeIjDEqI6FKpgVnLTmUbhudg/vk7eA0+RoNh3SBEHV2HmZ5yTBNtjk
P2a2tRmrbe3CmrdogbJzaweZenzoR82PziF7DAb/2JqtccPSdTW/GrAGyCoe0O5B
PId/iELHKpQepvybp+5PI6q2Atgzut4ze+a2vBiXjbiU3j0sX0XWg5fu9R9Ea1Bw
5+BY71GSa20OTDYEsp5esrl5/AUFj4ivB2OWFok77nGi2rTK+rKL3qMvbmYjAKUV
rWN4m6r8pU2hdhBCEJkXjg57whiMYn5w7ILlrbK5lLEu5qo0txoRtBPaid+y4mkK
moZU0LtvSQSX6ZaojQ/v
=Vs6z
-----END PGP SIGNATURE-----
Thomas Kerin [ARCHIVE] /
npub1e4โฆnt5am
2023-06-07 19:42:21
in reply to nevent1qโฆ0ayt
Author Public Key
npub1e4azew50kk9xzvfpqxzlyftkjt6kken0kf9lnncpdj524f9y4cqsfnt5amPublished at
2023-06-07 19:42:21Event JSON
{
"id": "b8002f8d211eb1471dc51994fed09429c555ce41794f124abd2d64eba944d1d6",
"pubkey": "cd7a2cba8fb58a6131210185f2257692f56b666fb24bf9cf016ca8aaa4a4ae01",
"created_at": 1686159741,
"kind": 1,
"tags": [
[
"e",
"3e46f2c62587acdbda9b227056f9de6eaf13013e7c73db7dc59fc81adea6f4b6",
"",
"root"
],
[
"e",
"5b232cc0954c6c06aaa14161e04bf973d7b6d9211f60f9e4a7c18fb67771b187",
"",
"reply"
],
[
"p",
"26f7e62ba6dc9195d80cbebfe2bde09da82ebce54e39e84c507693470894a669"
]
],
"content": "๐
Original date posted:2015-10-04\n๐ Original message:-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nHi Jean Pierre,\n\nThis is a problem I've considered before, though I have to say I prefer\nyour solution.\n\nThe problem is, how can a person who restores his wallet from just a\nseed restore\nall his multi-signature addresses with other parties?\n\nYour proposal is nice because all participants are equal, and it\nminimalizes the data\nrequired for recovery because it's deterministic, and the (extended)\npublic key is the first\npiece of metadata you'll ask for from others.. Let it be the only thing\nwe need!\n\nRegards amending BIP45 - BIP's are not amended after the fact, however\nbad it may be\nin retrospect. It might be best to write a BIP specifying a\n\"pseudorandom \u0026 deterministic\npath generation for HD/multi-signature accounts\"\n\nTK\n\nOn 04/10/15 16:18, Jean-Pierre Rupp via bitcoin-dev wrote:\n\u003e I have a possible solution:\n\u003e\n\u003e Take all public keys encoded in the purpose-specific extended public\n\u003e keys (m/45') of all cosigners and sort them lexicographically, according\n\u003e to BIP-45. Serialize this information and calculate its HASH160\n\u003e (RIPEMD160 โ HASH256). Split the output in five 32-bit chunks, setting\n\u003e the MSB on all of them to 0. Use these 32-bit chunks to build a\n\u003e derivation path from the purpose-specific extended public keys. Treat\n\u003e this derivation path as if it was the purpose-specific extended public\n\u003e key in BIP-45.\n\u003e\n\u003e This scheme will avoid public key sharing, and as long as you share your\n\u003e purpose-specific extended public key only with your cosigners, it should\n\u003e be relatively hard for a passive observer to link activity between\n\u003e different cosigning accounts.\n\u003e\n\u003e On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:\n\u003e\u003e Hello,\n\u003e\u003e\n\u003e\u003e I have been reviewing BIP-45 today. There is a privacy problem with it\n\u003e\u003e that should at least be mentioned in the document.\n\u003e\u003e\n\u003e\u003e When using the same extended public key for all multisig activity, and\n\u003e\u003e dealing with different cosigners in separate multisig accounts, reuse of\n\u003e\u003e the same set of public keys means that all cosigners from all accounts\n\u003e\u003e will be able to monitor multisig activity from every other cosigner, in\n\u003e\u003e every other account.\n\u003e\u003e\n\u003e\u003e Besides privacy considerations, HD wallet's non-reuse of public keys\n\u003e\u003e provide some defence against wallets that do not implement deterministic\n\u003e\u003e signing, and use poor entropy for signature nonces.\n\u003e\u003e\n\u003e\u003e Unless users are expected to establish a single cosigning account, this\n\u003e\u003e scheme will result in reuse of public keys, and degradation of privacy.\n\u003e\u003e\n\u003e\u003e I understand that for convenience it is useful to have a single extended\n\u003e\u003e public key that can be handed to every cosigner. This makes setting up\n\u003e\u003e accounts or recovering from data loss a easier.\n\u003e\u003e\n\u003e\u003e I suggest that privacy \u0026 potential security degradation due to increased\n\u003e\u003e public key reuse in the case of users with multiple multisig accounts\n\u003e\u003e should get a mention in the BIP-45 document.\n\u003e\u003e\n\u003e\u003e Greetings\n\u003e _______________________________________________\n\u003e bitcoin-dev mailing list\n\u003e bitcoin-dev at lists.linuxfoundation.org\n\u003e https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev\n\n- -- \nMy PGP key can be found here: \u003chttps://thomaskerin.io/me.pub.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQIcBAEBCgAGBQJWEWDlAAoJEAiDZR291eTlFAkQALgiiKX+VzLOwLK13S0EcE0v\nRZeC8hqS5AEi/wpOYC2H0TFaHhDqDgy7Pt7nTt/vfOr9QFbJm076I/iFIhLPPAWf\nrRg5kzL6ebOyX1NLmALcNgE9L+Jwz09kdzLUj+xZesJfu1AiSMgND38vFq4CmRfg\nYSnWI4iMSP3OoMO5Akjq7m9Ww/lENPDmxTrz2ET9KwKPEkjrdt3c0ipQcs+/vGuU\nRfRCUwxcdu/0nl5JhltxMV6wUMjdJ3AGbamWZpL+vA+jT5paOd4ORjc64huQGtFQ\nW7l8ynbbVqtXlYYs9mXCMm70316sdo5ZpOXzQmplwtuHWVYt9ssS1aLkBoLYCBtU\ni95Ki79S2ooeIjDEqI6FKpgVnLTmUbhudg/vk7eA0+RoNh3SBEHV2HmZ5yTBNtjk\nP2a2tRmrbe3CmrdogbJzaweZenzoR82PziF7DAb/2JqtccPSdTW/GrAGyCoe0O5B\nPId/iELHKpQepvybp+5PI6q2Atgzut4ze+a2vBiXjbiU3j0sX0XWg5fu9R9Ea1Bw\n5+BY71GSa20OTDYEsp5esrl5/AUFj4ivB2OWFok77nGi2rTK+rKL3qMvbmYjAKUV\nrWN4m6r8pU2hdhBCEJkXjg57whiMYn5w7ILlrbK5lLEu5qo0txoRtBPaid+y4mkK\nmoZU0LtvSQSX6ZaojQ/v\n=Vs6z\n-----END PGP SIGNATURE-----",
"sig": "9057b4021cce9ea7f17bd59b497681d7fe46da6e3ad0be486f7c1ec50781ee77c2d864294ce7c59b612789ae888ae7af402eb4a155c31a17d0d0ee8c471e322d"
}