Bitcoin Forum
December 11, 2017, 07:55:14 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: signing message from segwit adress  (Read 278 times)
Lincoln6Echo
Legendary
*
Offline Offline

Activity: 1834


Don't use bitcoin.de if you care about privacy!


View Profile
November 13, 2017, 04:26:26 PM
 #1

Hi there,

I was wondering the othe day when will it possible to sign a message when using a segwit adress. It is an important feature to me and I still didn't transfer most of my funds to a segwit adress because segwit adresses lack this feature.

Is there a timeline available when a standard for signing with segwit wil be available or is it technical impossible to do?

          ▄█████▄
        ▄█████████▄
      ▄████▀   ▀████▄
    ▄████▀   ▄ ▄█▀████▄
  ▄████▀   ▄███▀   ▀████▄
▄████▀   ▄███▀   ▄   ▀████▄
█████   ███▀   ▄███   █████
▀████▄   ▀██▄▄███▀   ▄████▀
  ▀████▄   ▀███▀   ▄████▀
    ▀████▄       ▄████▀
      ▀████▄   ▄████▀
        ▀███  ████▀
          ▀█▄███▀
.
|
.
|
          ▄█████▄
        ▄█████████▄
      ▄████▀   ▀████▄
    ▄████▀   ▄ ▄█▀████▄
  ▄████▀   ▄███▀   ▀████▄
▄████▀   ▄███▀   ▄   ▀████▄
█████   ███▀   ▄███   █████
▀████▄   ▀██▄▄███▀   ▄████▀
  ▀████▄   ▀███▀   ▄████▀
    ▀████▄       ▄████▀
      ▀████▄   ▄████▀
        ▀███  ████▀
          ▀█▄███▀
unthy
1513022114
Hero Member
*
Offline Offline

Posts: 1513022114

View Profile Personal Message (Offline)

Ignore
1513022114
Reply with quote  #2

1513022114
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513022114
Hero Member
*
Offline Offline

Posts: 1513022114

View Profile Personal Message (Offline)

Ignore
1513022114
Reply with quote  #2

1513022114
Report to moderator
achow101
Moderator
Legendary
*
Offline Offline

Activity: 1246


17kKQppUsngUiByDsce4JXoZEjjpvX9bpR


View Profile WWW
November 13, 2017, 05:03:34 PM
 #2

Message signing is done with private and public keys. Addresses are neither of those; the are representations of an output script. You can't sign with an output script. Signing a message with an address should never have been called that in the first place; the address is not a public key so it can't be used to sign or verify anything. So no, it is technically impossible because it is impossible to know what script you want a public key to map to to get the address a message was signed with.

Lincoln6Echo
Legendary
*
Offline Offline

Activity: 1834


Don't use bitcoin.de if you care about privacy!


View Profile
November 13, 2017, 08:12:11 PM
 #3

Message signing is done with private and public keys. Addresses are neither of those; the are representations of an output script. You can't sign with an output script. Signing a message with an address should never have been called that in the first place; the address is not a public key so it can't be used to sign or verify anything. So no, it is technically impossible because it is impossible to know what script you want a public key to map to to get the address a message was signed with.
Thank you for your fast reply.

Yeah I know that public key is not the public adress.
Nevertheless with old adress format it is possible to 'sign' a message but with segwit adress it's not. Why is that?

          ▄█████▄
        ▄█████████▄
      ▄████▀   ▀████▄
    ▄████▀   ▄ ▄█▀████▄
  ▄████▀   ▄███▀   ▀████▄
▄████▀   ▄███▀   ▄   ▀████▄
█████   ███▀   ▄███   █████
▀████▄   ▀██▄▄███▀   ▄████▀
  ▀████▄   ▀███▀   ▄████▀
    ▀████▄       ▄████▀
      ▀████▄   ▄████▀
        ▀███  ████▀
          ▀█▄███▀
.
|
.
|
          ▄█████▄
        ▄█████████▄
      ▄████▀   ▀████▄
    ▄████▀   ▄ ▄█▀████▄
  ▄████▀   ▄███▀   ▀████▄
▄████▀   ▄███▀   ▄   ▀████▄
█████   ███▀   ▄███   █████
▀████▄   ▀██▄▄███▀   ▄████▀
  ▀████▄   ▀███▀   ▄████▀
    ▀████▄       ▄████▀
      ▀████▄   ▄████▀
        ▀███  ████▀
          ▀█▄███▀
unthy
Xynerise
Jr. Member
*
Offline Offline

Activity: 53


View Profile
November 13, 2017, 10:22:46 PM
 #4

Culled from Reddit:

"All of the signature validation software that I've seen expects a P2PKH address to resolve. Signing with a P2SH-P2WPKH address could be done by deriving the P2PKH address from the privkey, signing with the privkey, and including the P2PKH address along with the signed message. This probably isn't done due to UI.UX concerns whereby the signer might believe that a wrong privkey is being used. Other than that, it's certainly possible.

The situation is similar with sweeping addresses. We derive both P2PKH and P2SH-P2WPKH for sweeping now, so sweeping P2SH-P2WPKH addresses using the privkey is possible.

Something like this: https://pastebin.com/zZCmzsJr"
Segwit addresses are P2SH-P2WPKH and you can't sign messages against P2SH, for example you can't sign a message with a multisig wallet.




By the way, Samouri Wallet for Android has a new option to sign messages with Segwit transactions so it's definitely possible:
http://blog.samouraiwallet.com/post/167306611667/wallet-update-097-coin-control-dust-tx-alerts

Anyone can correct me if I'm wrong.
achow101
Moderator
Legendary
*
Offline Offline

Activity: 1246


17kKQppUsngUiByDsce4JXoZEjjpvX9bpR


View Profile WWW
November 13, 2017, 10:59:45 PM
 #5

Yeah I know that public key is not the public adress.
Nevertheless with old adress format it is possible to 'sign' a message but with segwit adress it's not. Why is that?
Because when you "sign with an address" the signer and verifier expect a P2PKH address. It is certainly possible "sign with a segwit address" but the signer would have to somehow signal that the corresponding address is for segwit, or the verifier would need to generate P2PKH, P2SH-P2WPKH, and P2WPKH addresses. Currently it is impossible because there is no standard for how to determine what kind of address "signed" a given message. In fact, there is no standard for message signing anyways.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!