way to sign/verify to prove ownership of an address without revealing it?

[samadamsbeer]

I understand I can sign a message Y to prove I own an address X that produces a hash Z. However is there a way to sign/verify to prove ownership of X without revealing X? This would be for purposes of establishing ownership in documentation now in case of audit later. I imagine in said document you could simply reveal Y & Z but in theory, an attacker could then cycle thru known addresses until one hash matches, so was looking to avoid this. Is the simplest method to just hash the revealed components one more time, withholding one of the inputs?

[1715428229]

1715428229

[1715428229]

1715428229

[komisariatku]

I understand I can sign a message Y to prove I own an address X that produces a hash Z. However is there a way to sign/verify to prove ownership of X without revealing X? This would be for purposes of establishing ownership in documentation now in case of audit later. I imagine in said document you could simply reveal Y & Z but in theory, an attacker could then cycle thru known addresses until one hash matches, so was looking to avoid this. Is the simplest method to just hash the revealed components one more time, withholding one of the inputs?

Do you mean verify the sign message without including the wallet address? If that can be done, how can a signature be proof that you own the address if you don't provide the address? privatkey has a long combination and makes it have a very high probability that it is almost impossible to hack.

So in my opinion it's impossible to do, because you want to prove something but without revealing it, and without revealing it you can't prove anything. It's like you want to prove your name but you never say your own name, then how do we know your name if you don't want to say it?

[Upgrade00]

I imagine in said document you could simply reveal Y & Z but in theory, an attacker could then cycle thru known addresses until one hash matches,

You can't do that theoretically, cause the document would be unverified then, it could pretty much be any signature for any address, or not be a valid signature at all, if there is no address with which to verify it.

You could provide the signed message and then encrypt that using a PGP signature, this keeps the information covert until such a time that it become needed, at which point you can decrypt it.

[DaveF]

So what you are looking to do is:

Text:

Code:

This is DaveF saying this

Signature:

Code:

IGd595fz/NXdZJSV0DDA4grRZAf4kDqBB7fa8LnI7wuIf7Ihu8chopvTsWWXGieVFqysnZ3laZZzAJ0Enw5x8cc=

BUT not tell people what address it's signed with.

So, until there is a NEED to prove you wrote something there is no way to know if it's valid or not.

So in theory 10 years from now I could prove that on 4-Feb-2024 because of the above text and signature I controlled the address bc1qugdlj4sghspzyx5w74xm77mn67auyzc2y6huls

I cannot see another need other than that.

-Dave

[BitMaxz]

Signing a message requires a private key once you sign a message it generates a signature and then verifying ownership of an address requires a message and signature.

You need to provide them all except the private key.

So what exactly is the X for you is that a private key? If that's the private key you shouldn't share it with anyone providing the message, address, and signature is enough to prove you own that address.

[Stalker22]

~
I imagine in said document you could simply reveal Y & Z but in theory, an attacker could then cycle thru known addresses until one hash matches, so was looking to avoid this. Is the simplest method to just hash the revealed components one more time, withholding one of the inputs?

Is there a reason you have to reveal the entire message right away? In your scenario, you could first simply reveal Y (partially) & Z. Then, when proof is needed, you can reveal Y in full, and X to verify and confirm the signature.  That way, there is no real chance of an "attacker" finding X ahead of time.

[odolvlobo]

I understand I can sign a message Y to prove I own an address X that produces a hash Z. However is there a way to sign/verify to prove ownership of X without revealing X? This would be for purposes of establishing ownership in documentation now in case of audit later. I imagine in said document you could simply reveal Y & Z but in theory, an attacker could then cycle thru known addresses until one hash matches, so was looking to avoid this. Is the simplest method to just hash the revealed components one more time, withholding one of the inputs?

A simple way to do it is to sign a message and provide only a hash of the message plus signature. Then when you want to prove ownership, provide the message and signature. The hash proves that the message and signature are authentic.

If that is not sufficient, then perhaps it can be done with a "zero-knowledge proof". A zero knowledge proof is used to prove that a statement is true without revealing the statement itself.

https://en.wikipedia.org/wiki/Zero-knowledge_proof

[nelson4lov]

The only technology that I have read about in recent times that can do what OP wants is a Zero Knowledge Proof. AFAIK, there's no public version that everyone can publicly use right now. The projects working on Zk tech like Zksync, Aleo, etc are yet to fully launch.

Like DaveF said, in years to come, it should be available but I'm of the opinion that we will get it before 10 years.

Wikipedia info: https://en.m.wikipedia.org/wiki/Zero-knowledge_proof

[adaseb]

Like the above replies have said. You can post the hash but the other party wouldnt be able to verify at the moment if it’s real or not. So in the future you can post your address finally and prove your hash was true but at the moment it’s a risky take for the other party.

You need to provide the address if you want have adequate proof that the hash you provide has meaning. Because anyone can make up a bunch of random character and tell the other party that they need to just trust you that you are telling the truth, but in crypto most people want to verify and not trust.

[samadamsbeer]

So what you are looking to do is:

Text:

Code:

This is DaveF saying this

Signature:

Code:

IGd595fz/NXdZJSV0DDA4grRZAf4kDqBB7fa8LnI7wuIf7Ihu8chopvTsWWXGieVFqysnZ3laZZzAJ0Enw5x8cc=

BUT not tell people what address it's signed with.

So, until there is a NEED to prove you wrote something there is no way to know if it's valid or not.

So in theory 10 years from now I could prove that on 4-Feb-2024 because of the above text and signature I controlled the address bc1qugdlj4sghspzyx5w74xm77mn67auyzc2y6huls

I cannot see another need other than that.

-Dave

Yes that is what I was trying to explain I was trying to do. If the document is public, this allows people to view it, but I can selectively prove the ownership to parties I want to do that with. Sounds like a 2nd hashing is a good way to do this.

[DaveF]

So what you are looking to do is:

Text:

Code:

This is DaveF saying this

Signature:

Code:

IGd595fz/NXdZJSV0DDA4grRZAf4kDqBB7fa8LnI7wuIf7Ihu8chopvTsWWXGieVFqysnZ3laZZzAJ0Enw5x8cc=

BUT not tell people what address it's signed with.

So, until there is a NEED to prove you wrote something there is no way to know if it's valid or not.

So in theory 10 years from now I could prove that on 4-Feb-2024 because of the above text and signature I controlled the address bc1qugdlj4sghspzyx5w74xm77mn67auyzc2y6huls

I cannot see another need other than that.

-Dave

Yes that is what I was trying to explain I was trying to do. If the document is public, this allows people to view it, but I can selectively prove the ownership to parties I want to do that with. Sounds like a 2nd hashing is a good way to do this.

The issue is that once you let the proof out, no matter who you reveal it to, it's out there because they can then tell anyone.
The other side is you show them in a way that they can see but not duplicate, BUT and this is a big important BUT, they have to then trust that you are not doing something shady in the background.

If you want to give them the process / address / info to prove it then you are giving them the ability to prove it to the world.

Don't know if that matters for what you are trying to do, but it's something to think about.

-Dave