signing message from segwit adress

[Lincoln6Echo]

Hi there,

I was wondering the othe day when will it possible to sign a message when using a segwit adress. It is an important feature to me and I still didn't transfer most of my funds to a segwit adress because segwit adresses lack this feature.

Is there a timeline available when a standard for signing with segwit wil be available or is it technical impossible to do?

[achow101]

Message signing is done with private and public keys. Addresses are neither of those; the are representations of an output script. You can't sign with an output script. Signing a message with an address should never have been called that in the first place; the address is not a public key so it can't be used to sign or verify anything. So no, it is technically impossible because it is impossible to know what script you want a public key to map to to get the address a message was signed with.

[Lincoln6Echo]

Message signing is done with private and public keys. Addresses are neither of those; the are representations of an output script. You can't sign with an output script. Signing a message with an address should never have been called that in the first place; the address is not a public key so it can't be used to sign or verify anything. So no, it is technically impossible because it is impossible to know what script you want a public key to map to to get the address a message was signed with.

Thank you for your fast reply.

Yeah I know that public key is not the public adress.
Nevertheless with old adress format it is possible to 'sign' a message but with segwit adress it's not. Why is that?

[Xynerise]

Culled from Reddit:

"All of the signature validation software that I've seen expects a P2PKH address to resolve. Signing with a P2SH-P2WPKH address could be done by deriving the P2PKH address from the privkey, signing with the privkey, and including the P2PKH address along with the signed message. This probably isn't done due to UI.UX concerns whereby the signer might believe that a wrong privkey is being used. Other than that, it's certainly possible.

The situation is similar with sweeping addresses. We derive both P2PKH and P2SH-P2WPKH for sweeping now, so sweeping P2SH-P2WPKH addresses using the privkey is possible.

Something like this: https://pastebin.com/zZCmzsJr"
Segwit addresses are P2SH-P2WPKH and you can't sign messages against P2SH, for example you can't sign a message with a multisig wallet.




By the way, Samouri Wallet for Android has a new option to sign messages with Segwit transactions so it's definitely possible:
http://blog.samouraiwallet.com/post/167306611667/wallet-update-097-coin-control-dust-tx-alerts

Anyone can correct me if I'm wrong.

[achow101]

Yeah I know that public key is not the public adress.
Nevertheless with old adress format it is possible to 'sign' a message but with segwit adress it's not. Why is that?

Because when you "sign with an address" the signer and verifier expect a P2PKH address. It is certainly possible "sign with a segwit address" but the signer would have to somehow signal that the corresponding address is for segwit, or the verifier would need to generate P2PKH, P2SH-P2WPKH, and P2WPKH addresses. Currently it is impossible because there is no standard for how to determine what kind of address "signed" a given message. In fact, there is no standard for message signing anyways.