Bitcoin Forum

Hello,

I am new to this community.

I just learned that Segwit addresses cannot be signed because there is no standard to validate it.

is this function going to be implemented in the future in segwit address?

I was considering moving my funds to a Legacy wallet to have this function. I am a hodler, transaction fees do not matter to me, I won't be sending funds anywhere.

You don't need to move your funds into a segwit address if you are a holder. Im a hodler myself and I can't be bothered to move all my coins to a new segwit wallet, I would need to generate a ton of addresses too and pay a ton of fees too for all of these transactions, im not looking forward to that.

I didn't know you couldn't use segwit adresses to sign messages. This could be a problem for new people in this forum, if they start using segwit addresses from day 1 and never post a legacy address to prove their identity, they could never be able to recover their forum account, at least until you can use segwit addresses to sign and validate messages.

OP which wallet are you using? Because electrum can very well sign and verify messages signed from bech32 addresses. I think some of the other segwit wallets like samurai don't have a feature to sign message yet. I'm assuming since electrum can sign message then bitcoin core 0.16 also should be able to do that when its released.

Just signed one with electrum.

I am using ledger nano wallet.

I was trying to sign a message to Byteballs, and they said it Segwit address cannot sign messages.

I searched for information about this in Ledger Nano community in Reddit, and they confirmed it. You can sign, but no one would be able to verify it.
https://www.reddit.com/r/ledgerwallet/comments/7o1jo3/how_can_you_sign_a_message_on_ledgers_bitcoin_app/

I always used Legacy, just moved my funds to a Segwit and discovered this...

Fees are really low on Segwit, it would cost me 2 usd to transfer, i was pretty satisfied with it.

Known issue.  There are some subtle problems here.  I’ve wanted to kick around ideas for a potential BIP, but it’s been fairly low on my list.

https://github.com/bitcoin/bitcoin/issues/10542

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015374.html

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/thread.html#15374

See especially:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015441.html

(I seem to recall further discussion last month, but I can’t find it now.  It may be a memory bitflip.)

---

I know this, too.  I have not yet tried to figure out what Electrum is doing; but it’s nonstandard.  Core cannot verify those signatures (as I know for certain), and AFAIK that will not change with v0.16.

My doubt, regarding signing in segwit address is if this is a "bug" and will soon be corrected, or is it an abandoned feature?

If the later is the case, i will probably move back to legacy addresses... I fear to lose airdrops, which may be quite significant.

It is neither a bug nor an abandoned feature. It is just that we are still working on creating a more generalized signing scheme that lets people sign with things like P2SH addresses (e.g. sign with a multisig address). There is simply no standard yet for signing with such scripts or with Segwit.

Note that you don't actually sign with an address. You sign with a public-private keypair and your wallet interprets it as an address. Your wallet could just as easily interpret it as a segwit address. We are working on creating something that actually specifies the address type, and more generally, allows signing with scripts.

I think there will eventually be a standard way to sign and verify messages with segwit addresses. But currently, almost nobody will be able to (easily) verify a segwit address signed message.


A signing standard that allows signed messages from multisig addresses would be incredible, I hope progress is made on this eventually.

Thank you for answers. I will be waiting for a solution then and stick to my segwit address.

I tried signing a message using ledger nano S, for my segwit address but the output that was generated was totally different including the address. I wanted to sign a message for segwit but I got a signed message for a random legacy address. Thoughts?

I searched about this in Ledger Nano subreddit. They said that you when you sign a message with your Segwit wallet, your message will be sign by the legacy address... just as you said.

Yesterday I added my signed message to the Tomatocage's thread for stacking bitcoin addresses, but then I realize that I cannot verify it online, only in my wallet, and deleted my post. No point to post it if it cannot be verified online.
So thankfully found this thread and I know why. Almost no info in Google tho.
Seems that the SegWit addresses cannot be used to sing messages at the moment, even if you have this feature in the wallet.
I guess I have to create a normal address only to verify my account here.

What's the problem when you can do it with electrum?
NOTE: To stake your Bitcoin address, why don't you use Legacy address till a solution is found?


Things are still being developed before such a feature is allowed, because if any bugs take place in this, many scams will take place under signed messages. It's better to wait, or use Electrum's Bech32's addresses as they are completely verifiable in the wallet itself. There's nothing else that anyone here knows about, which either allows you to sign or verify a message from SegWit addresses.

I think the problems comes in with the different implementation of SegWit by these wallet providers. I signed a SegWit

address with Electrum a while ago and someone used a Brainwallet app to read it and they were unable to verify it. The two

different implementations of SegWit is causing all the problems at the moment. Just use the same tool to verify, if in any way

possible. {just until a more permanent solution or standard is established}  ::)

I agree with you, no reason to sign messages from segwit using electrum if it cannot be verified and if it's non standard. Your signature would be worthless.

You can download some mobile wallet such as coinomi and sign a message from there, much better to protect your account and done in 5 minutes.

Offtopic: This was one of my firsts posts in bitcointalk.  Thanks to this issue I had when recovering some byteballs (which requires signing messages) I discovered how good this forum is. Pretty happy to see it's still useful :)

It is not the segwit 'implementations' who cause a failure when signing/verifying messages.

You can't verify messages signed with with P2SH addresses since you can't know whether the public key corresponds to a nested p2wpkh address.
You can't be sure what p2sh address it would correspond to, since a public key can be a part of multiple ps2sh addresses.

With a p2pkh address, on the other hand, the public key only corresponds to one p2pkh address.

Any news, particularly regarding such a feature in Core?

You might want to read the thread more carefully.

This is not a 'feature missing from core'. There is no standard yet. It is not defined how to exactly create AND verify messages signed from segwit addresses.

Electrum decided to implement this feature. But those messages will only be verifiable through electrum. Not trough any other wallet which offers segwit message signing.

If core (and any other wallet) was to add this 'feature' without a standard, we'd have 30 different types to create/validate signed messages. And you'd need to always use the same wallet as the signer of the message to verify it.
It is better to first agree on a standard, then let every wallet implement it. This way the messages will be verifiable between different wallets from anyone.

There has been a BIP (https://github.com/bitcoin/bips/blob/master/bip-0322.mediawiki) made regarding a generic message signing format. Such a format would be able to be used for segwit, non-segwit, and any future changes. It is still being actively discussed however, so it probably won't go into Core or any other wallet software anytime soon.

Thanks achow.

Besides a comprehensive standard everyone agrees on, another possible solution is for Core to implement its own flavor, even for just a subset of the cases. A Core-only implementation is better than nothing (though it would likely turn into a de facto standard anyway). There's no real harm in having intermediate standards, as it doesn't add burden to the blockchain or network, as far as I can tell? Waiting a few more months for a complete standard may be better, I suppose, but not a few years.


I have read the thread carefully to begin with. The question was still valid, and indeed achow knew where it stands.


P.S., if anyone's interested, the 3/2018 discussion that lead to BIP322:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-March/015818.html

Trezor signed messages using a 3 address can be verified here:

https://jhoenicke.github.io/brainwallet.github.io/#verify
This site appears to verify the new addresses.

While this one:
https://brainwalletx.github.io/#verify
Does not.

Addresses starting with bc1 don't appear to work on either site.

For example: