BIP 322 draft design and improvement thread

[profedustream]

Thanks for your response. I've been requested in the Github BIP 322 thread to forward this to the mailing list. I've taken care of it.

It is possible, but tedious. If you can sign some message with a single key, then you can do it with multiple keys, just by providing N signatures. Unless you deploy N-of-N multisig, wrapped in Taproot address, then a single signature is sufficient.

If you have any information or bitcointalk post about it, please let me know. Currently, I haven't found any way to sign a message with a n-of-m multi-sig (n != m).

[EDIT]
Here is the discussion on the Bitcoin mailing list: https://groups.google.com/g/bitcoindev/c/RCi1Exs0ZvQ

[vjudeu]

Currently, I haven't found any way to sign a message with a n-of-m multi-sig (n != m).

In general, if you can sign a message with a single key, then you can do so with multiple keys, just by including multiple signatures. For example:

Code:

importdescriptors "[{\"desc\":\"pkh(cMahea7zqjxrtgAbB7LSGbcQUr1uX1ojuat9jZodMN87JcbXMTcA)#rpv80xem\",\"timestamp\":\"now\",\"label\":\"key\"}]"
importdescriptors "[{\"desc\":\"pkh(cMahea7zqjxrtgAbB7LSGbcQUr1uX1ojuat9jZodMN87K7XCyj5v)#fpg83s6d\",\"timestamp\":\"now\",\"label\":\"key2\"}]"

signmessage "mrCDrCybB6J1vRfbwM5hemdJz73FwDBC8r" "Hello World"
IGXH085B9ZEWwQqpO/zC9gtJZVES7DgLOHPONO5mbvCqXPI91aSz+/pYk/HK4w6NSYuzxgRi3qmNs/bTz9Pjr1o=
signmessage "mg8Jz5776UdyiYcBb9Z873NTozEiADRW5H" "Hello World"
IJ94zR6cD8snDDM2MlR4kXkr7WyaFbokViNC1pDAFfBDDMiI7ZlvD3Gbl2zKXw+DrprYB8DwI4fV5xPKNWh/sDw=

verifymessage "mrCDrCybB6J1vRfbwM5hemdJz73FwDBC8r" "IGXH085B9ZEWwQqpO/zC9gtJZVES7DgLOHPONO5mbvCqXPI91aSz+/pYk/HK4w6NSYuzxgRi3qmNs/bTz9Pjr1o=" "Hello World"
true
verifymessage "mg8Jz5776UdyiYcBb9Z873NTozEiADRW5H" "IJ94zR6cD8snDDM2MlR4kXkr7WyaFbokViNC1pDAFfBDDMiI7ZlvD3Gbl2zKXw+DrprYB8DwI4fV5xPKNWh/sDw=" "Hello World"
true

And then, you can say that both keys were used to sign the message "Hello World". But I think, using regtest transactions may be a better idea, because it provides more context into what is actually signed. Because in the classical "Bitcoin Message", you have to make sure, that signed data cannot be manipulated, and are for example committed to the public key. Because in other cases, you may also have valid signatures, created from unknown keys:

Code:

verifymessage "mgLpgMeX3LHzB11iUW3qfowPdVdgWYodGy" "GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=" "Hello World"
true

[Greg Tonoski]

Is BIP-322 a failure case? Is it unfinished and isn't there any conclusion?

BIP322 is already merged, but as far as I am aware has not been deployed in any software. I do not know the reasons but work on it seems to have stopped. I would suggest that you reach out to the bitcoin developer mailing list if you would like to find out more or make an attempt to restart progress.

(https://github.com/bitcoin/bips/pull/1347#issuecomment-2092033174).

There is "simple" variant (taggedHash "BIP0322-signed-message") implemented in Sparrow: https://github.com/sparrowwallet/drongo/blob/f8f50c0dd907fac674ea363443b96772b6a0b658/src/main/java/com/sparrowwallet/drongo/crypto/Bip322.java#L18
and
https://github.com/ACken2/bip322-js
and
https://docs.rs/bip322/0.0.7/bip322/.
Anywhere else?

(I haven't verified if the implementations above are compatible).

I am grateful to aliashraf for thoughtful analysis and suggestions.

[garlonicon]

Is BIP-322 a failure case?

Well, it is used in Signet. If you compare, what is signed in Signet blocks, and what message is signed by this BIP, then you will note, that they are similar.

Is it unfinished and isn't there any conclusion?

My conclusion is, that if you start a new regtest node, mine some coins on the desired outputs, and then ask someone, to sign specifically those outputs, then you will get roughly the same outcome, as you can get from this BIP, but easier, and with already working implementation.