Bitcoin Forum
Topic: Using sign feature: is there a risk in signing the address itself?
passerby
July 24, 2012, 08:01:19 PM
 #1

Hello!

I have a question:
Let's say I have a bitcoin address B
Its corresponding private key is kB

Let's say I sign a message that contains B, such as "Hello, B is the address I just signed with its own key" with kB.

Does this action pose any risk beyond "it really looks weird" ?
gmaxwell
July 24, 2012, 08:12:36 PM
 #2

> Let's say I have a bitcoin address B
> Its corresponding private key is kB
> Let's say I sign a message that contains B, such as "Hello, B is the address I just signed with its own key" with kB.
> Does this action pose any risk beyond "it really looks weird" ?

Nope, it's safe, all signing is on a hash of the message, and it's assumed that a malicious party may be supplying the strings you sign. Though why do you think it looks weird?
Stephen Gornick
July 24, 2012, 08:16:32 PM
 #3

> Does this action pose any risk beyond "it really looks weird" ?

What risk are you thinking might exist?  Exposing your identity or what?

DeathAndTaxes
July 24, 2012, 08:18:57 PM
 #4

The only risk is that it is completely vague.

Generally you sign something specific.  Signing something as vague as an address has no real value.  What does it mean?  What can an attacker convince someone it means?

Example:

"I passerby for order #123456 wish to receive a pink pony".

"random Bitcoin address"

which is more clear as to the intent of the signed message.
passerby
July 24, 2012, 08:23:31 PM
 #5

>> Does this action pose any risk beyond "it really looks weird" ?
>
> What risk are you thinking might exist?  Exposing your identity or what?

No, I was thinking along the lines of "signing a pubkey hash with privkey looks like an odd idea - I wonder if people more knowledgeable than me know if it will do anything weird"

sebastian
July 25, 2012, 09:40:01 AM
 #6

I understand what the OP is after:

In RSA, there's something called blind signing.

RSA is:
Applying the PRIVKEY to a plaintext, the resulting ciphertext can only be decrypted by applying the PUBKEY to the text.
Applying the PUBKEY to a plaintext, the resulting ciphertext can only be decrypted by applying the PRIVKEY to the text.

Then blind signing is applying a factor X to a key, so the signer does not know the contents of the message.
If the message is M*X, the signature is S*X provided that S is a signature of M.

If E is an encrypted message encrypted with keypair consisting of PUB A and PRIV B it will be:
Apply A to P and gain E.
An adversary can fool the receiver to decrypt the message as:
E*X.
Send to owner of B.
Owner applies B to E*X and yields P*X.
Adversary removes X by dividing P*X by X, and yields the plaintext P.
More info: http://en.wikipedia.org/wiki/Blind_signature



The OP wonders if there is a similar risk with signing an address with its own key and risking leaking the key or something.

Can say that since the address is a hash of the pubkey, it's NO risk whatsoever to sign the address.
There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.
dooglus
July 25, 2012, 07:03:37 PM
 #7

> There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.

Not if you're signing an ASCII hex representation of the public key, I wouldn't think.

Gavin Andresen
July 25, 2012, 07:20:58 PM
 #8

> There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.

"We" thought of that (where "we" was actually Khalahan and Pieter and Gregory, if I recall correctly).

The string "Bitcoin Signed Message:\n" is prepended to the message as salt, then that's SHA256-hashed twice, and the hash is what is signed/verified. Sign anything you like, it won't reveal information about your keys (unless your OpenSSL implementation has a broken random number generator and doesn't generate unique signing nonces).

How often do you get the chance to work on a potentially world-changing project?
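
The hashing step described in post #8, together with a check for the repeated-nonce condition it mentions, as an added example that is not part of the thread and not Bitcoin's own code. It assumes the prefix and the message are each length-prefixed with Bitcoin's compact-size integer before hashing, and that signatures are in the 65-byte base64 compact form (header byte, r, s); the function names and the sample signatures are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

MAGIC = b"Bitcoin Signed Message:\n"  # prefix quoted in the post above


def compact_size(n: int) -> bytes:
    """Bitcoin's variable-length integer (assumed here as the string length prefix)."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def signed_message_digest(message: str) -> bytes:
    """Double SHA-256 over the length-prefixed magic and message; this is what gets signed."""
    body = message.encode("utf-8")
    data = compact_size(len(MAGIC)) + MAGIC + compact_size(len(body)) + body
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def reused_nonces(signatures_b64):
    """Map r (hex) -> count for r values shared by distinct 65-byte compact signatures."""
    by_r = defaultdict(set)
    for sig in signatures_b64:
        raw = base64.b64decode(sig, validate=True)
        if len(raw) != 65:
            raise ValueError("compact signature must be 65 bytes: header, r, s")
        by_r[raw[1:33]].add(raw)
    return {r.hex(): len(sigs) for r, sigs in by_r.items() if len(sigs) > 1}


if __name__ == "__main__":
    # The message from the question; B stays a placeholder, as in the thread.
    msg = "Hello, B is the address I just signed with its own key"
    print("digest that is signed:", signed_message_digest(msg).hex())
    # Constructed (not real) signatures: the first two share r, so they are flagged.
    fake = [bytes([31]) + bytes([r]) * 32 + bytes([s]) * 32 for r, s in [(1, 2), (1, 3), (4, 5)]]
    print("repeated r values:", reused_nonces(base64.b64encode(f).decode() for f in fake))
```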