Topic: Proving ownership of an address with a message
Jeronaba (OP)
Newbie
Activity: 4
Merit: 0
August 01, 2017, 09:07:55 AM
#1

Hi, :)

I need to prove the ownership of an address with a signed message.
So if I understood well, I have to give the other person the message, the address, and the signature that was generated?
Is it known to pose a privacy problem to give this information?
I saw that you could sign a transaction offline. In my case, is it recommended in terms of privacy or not?

Thank you!


User365
Sr. Member
Activity: 434
Merit: 251
physics, mathematics and engineering
August 01, 2017, 09:13:15 AM
#2

> Hi, :)
>
> I need to prove the ownership of an address with a signed message.
> So if I understood well, I have to give the other person the message, the address, and the signature that was generated?
> Is it known to pose a privacy problem to give this information?
> I saw that you could sign a transaction offline. In my case, is it recommended in terms of privacy or not?
>
> Thank you!

Normally it happens like this:

1) you receive a message from your opponent which you shall sign (f.e. I would give you user365 1.Aug.2017)
2) You sign it within your wallet with your btc address, therefore you need your privkey (wallet manages that automatically)
3) the signed message is sent to your opponent
4) he can verify the message with your public address

no privacy problem here as far as I am concerned

ranochigo
Legendary
Activity: 2968
Merit: 4179
August 01, 2017, 09:27:24 AM
#3

> So if I understood well, I have to give the other person the message, the address, and the signature that was generated?

Yes.

> Is it known to pose a privacy problem to give this information?

Yes. By signing a message with the information, e.g. Jeronaba 1/8/2017, you are essentially telling them you control the address and every transaction is made by or for you. You are also giving the public key in the signature, not much in terms of privacy since it is sent during a transaction from the address as well.

> I saw that you could sign a transaction offline. In my case, is it recommended in terms of privacy or not?
>
> Thank you!

It doesn't make a huge difference. The reason for signing a transaction offline is more for security. If your address is kept online, signing it offline doesn't change anything.

DannyHamilton
Legendary
Activity: 3388
Merit: 4653
August 01, 2017, 01:51:37 PM
#4

Think carefully about the message you sign, and make sure that someone else can't re-use the message and signature to pretend to be you.

For example:

I could ask you to sign the following message:
"I have exclusive control over the funds in address 1YourAddressHere"

(replacing 1YourAddressHere with your actual address).

If you signed that address, then I could lie to someone else and tell them that the address is mine.  I could then just forward them the message and signature that you sent me, and they would see a valid message and signature.

On the other hand, if you signed the following message:
"On 2017-08-01 at 13:48:00 UTC DannyHamilton is requesting that I, Jeronaba, sign this message to prove that I have exclusive control over the funds in address 1YourAddressHere as of that moment."

Then it would be much more difficult for me to forward that message on to anyone and have them be fooled.  First I would need to convince them that I am "Jeronaba", then I'd somehow need to convince them that they are "DannyHamilton", and finally I'd have to convince them that they asked me for the message "On 2017-08-01 at 13:48:00 UTC".
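
The forwarding problem described in the post above, seen from the side of the person asking for proof, as an added example that is not part of the original thread. The `Verifier` class, the 30-minute window, the nonce and the third party "Carol" are assumptions made for illustration; `wallet_says_valid` stands for the result of the wallet's own message verification.

```python
import secrets
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=30)   # assumed freshness window
ADDRESS = "1YourAddressHere"      # placeholder used in the thread


class Verifier:
    """The party asking for proof; it hands out the exact text to be signed."""

    def __init__(self, name):
        self.name = name
        self.issued = {}          # challenge text -> (address, time issued)

    def challenge(self, signer, address, now):
        # Names both parties, the moment of the request and a random nonce.
        text = (f"On {now:%Y-%m-%d} at {now:%H:%M:%S} UTC {self.name} is "
                f"requesting that I, {signer}, sign this message to prove that "
                f"I have exclusive control over the funds in address {address} "
                f"as of that moment. Nonce: {secrets.token_hex(8)}")
        self.issued[text] = (address, now)
        return text

    def accept(self, text, address, wallet_says_valid, now):
        # wallet_says_valid: result of the wallet's own "verify message" check.
        if not wallet_says_valid:
            return False
        entry = self.issued.pop(text, None)   # unknown or already used -> None
        if entry is None:
            return False
        issued_for, issued_at = entry
        return issued_for == address and now - issued_at <= MAX_AGE


def demo():
    t0 = datetime(2017, 8, 1, 13, 48, 0, tzinfo=timezone.utc)
    danny, carol = Verifier("DannyHamilton"), Verifier("Carol")
    text = danny.challenge("Jeronaba", ADDRESS, t0)
    soon = t0 + timedelta(minutes=5)
    generic = f"I have exclusive control over the funds in address {ADDRESS}"
    return {
        "danny_first_use": danny.accept(text, ADDRESS, True, soon),
        "danny_replay": danny.accept(text, ADDRESS, True, soon),
        "forwarded_to_carol": carol.accept(text, ADDRESS, True, soon),
        "generic_to_carol": carol.accept(generic, ADDRESS, True, soon),
    }


if __name__ == "__main__":
    print(demo())
```

A verifier that only checks the signature would accept all four cases; one that insists on its own freshly issued text accepts only the first.
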
philipma1957
Legendary
Activity: 4116
Merit: 7865
'The right to privacy matters'
August 01, 2017, 02:28:02 PM
#5

> Think carefully about the message you sign, and make sure that someone else can't re-use the message and signature to pretend to be you.
>
> For example:
>
> I could ask you to sign the following message:
> "I have exclusive control over the funds in address 1YourAddressHere"
>
> (replacing 1YourAddressHere with your actual address).
>
> If you signed that address, then I could lie to someone else and tell them that the address is mine. I could then just forward them the message and signature that you sent me, and they would see a valid message and signature.
>
> On the other hand, if you signed the following message:
> "On 2017-08-01 at 13:48:00 UTC DannyHamilton is requesting that I, Jeronaba, sign this message to prove that I have exclusive control over the funds in address 1YourAddressHere as of that moment."
>
> Then it would be much more difficult for me to forward that message on to anyone and have them be fooled. First I would need to convince them that I am "Jeronaba", then I'd somehow need to convince them that they are "DannyHamilton", and finally I'd have to convince them that they asked me for the message "On 2017-08-01 at 13:48:00 UTC".

The time dating is a very effective method. At times I ask for a specific dust amount rather than a message.

0.0000xxxx where the xxxx is a number I chose for a person to send from the address they are trying to prove is their address.

If a 10000 to 1 seems not secure I ask for a second send of 0.0000xxxx which makes it 10,000 squared. This was good when fees were low.

Now that coin is up to 2800 USD and fees are 0.001 at times this is not very effective. I may go to time stamping.

I liked the dust on demand as it was simple for a new person to do correctly.

Jeronaba (OP)
Newbie
Activity: 4
Merit: 0
August 01, 2017, 02:43:08 PM
Last edit: August 01, 2017, 02:54:02 PM by Jeronaba
#6

Thanks all for your answers!

Wow, you're scaring me now. I thought it was going to be a normal and known procedure.

EDIT: I specify that I was asked to do this procedure for an old transaction, not a future one.

So to sum up, I'll have to write a message specific to the situation with also a name that identifies me and a name that identifies him and a date. And signing online and giving him the public key in the signature does not pose a problem.

If I do all the steps above, I can then proceed without risk?


DannyHamilton
Legendary
Activity: 3388
Merit: 4653
August 01, 2017, 03:11:48 PM
#7

> So to sum up, I'll have to write a message specific to the situation with also a name that identifies me and a name that identifies him and a date.

That's one option. The specific method isn't important. What's important is that you think about what you are signing, and determine if the message and signature could be re-used.

> giving him the public key in the signature does not pose a problem.

As long as the signature was created by properly written software, it should be fine. If you are using some closed source software, or software that hasn't been reviewed by knowledgeable people, then there is a chance that the signing software could have a bug that leaks the private key with the signature.

> And signing online

What do you mean when you say "signing online"? Are you using a website to generate the signature? That would be bad, since you'd have to give the website your private key. Are you just using software on a computer that is connected to the internet? How did you generate the address or original transaction? Were they created on an offline computer?

> If I do all the steps above, I can then proceed without risk?

There is no such thing as 0 risk in life. All you can do is manage and mitigate risk. There is always more that can be done, but it isn't always reasonable to do so in a given circumstance.
Jeronaba (OP)
Newbie
Activity: 4
Merit: 0
August 01, 2017, 03:27:08 PM
#8

> That's one option. The specific method isn't important. What's important is that you think about what you are signing, and determine if the message and signature could be re-used.

OK

> As long as the signature was created by properly written software, it should be fine. If you are using some closed source software, or software that hasn't been reviewed by knowledgeable people, then there is a chance that the signing software could have a bug that leaks the private key with the signature.
>
> What do you mean when you say "signing online"? Are you using a website to generate the signature? That would be bad, since you'd have to give the website your private key. Are you just using software on a computer that is connected to the internet? How did you generate the address or original transaction? Were they created on an offline computer?

I will sign the message with Electrum while being online, that's what I meant.
DannyHamilton
Legendary
Activity: 3388
Merit: 4653
August 01, 2017, 04:09:13 PM
#9

> I will sign the message with Electrum while being online, that's what I meant.

As long as that Electrum wallet has been online in the past and has been used to send bitcoin transactions, then you are not increasing your risk by signing a message while it is connected to the internet.  The risk will be the same as if you sent a transaction from that same address.
Jeronaba (OP)
Newbie
Activity: 4
Merit: 0
August 01, 2017, 04:25:40 PM
#10

> As long as that Electrum wallet has been online in the past and has been used to send bitcoin transactions, then you are not increasing your risk by signing a message while it is connected to the internet. The risk will be the same as if you sent a transaction from that same address.

OK, I'll proceed with the message then.
Thank you, and sorry if the answers seemed obvious, but I prefer to be careful. :)