Is there a point to signmessage after sending from an address?

[jnano]

As far as I understand, signmessage just proves knowledge of the pubkey in a P2PKH. Once you send from an address the explicit pubkey becomes known. Ignoring "don't reuse addresses", am I correct in understanding that once you spend a TXO sent to an address there's no point anymore in signmessage for that address?

And if so, why does signmessage prove knowledge of the pubkey instead of the privkey?
I get the impression almost everyone believes it's there to prove privkey control.

[RGBKey]

And if so, why does signmessage prove knowledge of the pubkey instead of the privkey?
I get the impression almost everyone believes it's there to prove privkey control.

It does prove control of the private key. Signmessage signs a message. This message could be anything, and it produces a cryptographic signature proving that the owner of the private key corresponding to a public key known by a third party was the origin of the message.

It is definitely useful after you send from an address. For example, signmessage could be used to sign a message stating that "I, <insert name here>, was the one that sent this money".

I highly suggest you read an explanation on cryptographic message signing if you are unfamiliar with this.

[Xynerise]

As far as I understand, signmessage just proves knowledge of the pubkey in a P2PKH. Once you send from an address the explicit pubkey becomes known. Ignoring "don't reuse addresses", am I correct in understanding that once you send from an address there's no point anymore in signmessage for that address?

There are many possible reasons for proving ownership of a pubkey or pubkeyhash (address):
- proving identity, for example here in Bitcointalk forum. If you "staked" your address here before and you account gets hacked, you can easily prove ownership of the account by signing a message proving ownership of the address in question.
- dispute resolution with a merchant: you spent all the UTXO associated with an address in a transaction to a merchant but there was an error, perhaps you weren't able to make a payment within the specified time frame, so even though your bitcoin was received by the merchant, you weren't credited because the time frame had expired. You open a dispute with the merchant and prove YOU sent bitcoin to the merchant"from" that address by signing a message.

That's from the top of my head, other users may have more creative reasons.

And if so, why does signmessage prove knowledge of the pubkey instead of the privkey?
I get the impression almost everyone believes it's there to prove privkey control.

Because you sign a message WITH the private key, and the message is checked AGAINST the public key.
If you can sign a message that verifies against a public key, it proves that you have control over that private key.

Addendum: bitcoin addresses are hashes of the public key, and the UI for verifying messages does not include the field to input the public key because it can be calculated from the message signed and the signature.

[hugeblack]

sign message has nothing to do with the blockchain or bitcoin(You do not need to pay) but it is just proof that you can access to your private key(Thus you can spend money/bitcoins).
When you sign a message, you create a signature associated with the address and the message itself and a change will occur when you add anything to that message(even space or comma).
Read this ----> https://gist.github.com/gavinandresen/4120476
Avoid using such words when signing any message

Code:

yes, I sent that money;
yes, I Received that money;
I agree.
You can send money.
I'm jnano.

Also, remember to add time and date and be precise in the description so that the message can not be used again

[jnano]

I can't find what I read before so maybe I'm misinterpreting.

Can anyone explain this (also said differently here):

The message signing rules for signmessage guarantee only that the signer will receive coins sent to the address in question. It does not guarantee possession of a balance or UTXOs in any sense.

[wilwxk]

I can't find what I read before so maybe I'm misinterpreting.

Can anyone explain this (also said differently here):

The message signing rules for signmessage guarantee only that the signer will receive coins sent to the address in question. It does not guarantee possession of a balance or UTXOs in any sense.

The act of sign a message will only prove the possession of your address (the hash of your public key), but this funtion is different from the function of sign a transaction, the first one is used in cases where only your identity is needed (there is no bitcoins/money in the process ), and the function of sign a transaction is when you create a new transaction and you need to prove your possession of the bitcoins (=possession of the UTXOs) so the nodes can guaranty that you are the owner of the cois which you are sending.

[DannyHamilton]

Can anyone explain this (also said differently here):

The message signing rules for signmessage guarantee only that the signer will receive coins sent to the address in question. It does not guarantee possession of a balance or UTXOs in any sense.

luke-jr is being pedantic, but the technical details matter in that particular conversation.

An example that luke-jr provided was one where someone without access to the private key requests that a system which does have access to the private key perform the signing for them.

[jnano]

different from the function of sign a transaction

Isn't it exactly what people expect from such a feature, to sign a message the same way they would sign a tx, thus proving in advance the ability to send "from that address"?

An example that luke-jr provided was one where someone without access to the private key requests that a system which does have access to the private key perform the signing for them.

The same pedanticism would also apply to the act receiving, rather than sending, no? If you don't control the privkey what makes that address your own in any sense?

If it's meant to say that's receiving into something like a web wallet's address doesn't imply being able to send out exactly those same TXOs, that seems obvious. But I thought signing was anyway about proving control over privkeys that really are your own.