Topic: Using sign feature: is there a risk in signing the address itself ?
passerby (OP)
July 24, 2012, 08:01:19 PM
 #1

Hello!

I have a question:
Let's say I have a bitcoin address B
Its corresponding private key is kB

Let's say I sign a message that contains B, such as "Hello, B is the address I just signed with its own key" with kB.

Does this action pose any risk beyond "it really looks weird" ?
gmaxwell
July 24, 2012, 08:12:36 PM
 #2

> Let's say I have a bitcoin address B
> Its corresponding private key is kB
> Let's say I sign a message that contains B, such as "Hello, B is the address I just signed with its own key" with kB.
> Does this action pose any risk beyond "it really looks weird" ?

Nope, it's safe, all signing is on a hash of the message, and it's assumed that a malicious party may be supplying the strings you sign. Though why do you think it looks weird?
Stephen Gornick
July 24, 2012, 08:16:32 PM
 #3

> Does this action pose any risk beyond "it really looks weird" ?

What risk are you thinking might exist?  Exposing your identity or what?

DeathAndTaxes
Gerald Davis


July 24, 2012, 08:18:57 PM
 #4

The only risk is that it is completely vague.

Generally you sign something specific.  Signing something as vague as an address has no real value.  What does it mean?  What can an attacker convince someone it means?

Example:

"I passerby for order #123456 wish to receive a pink pony".

"random Bitcoin address"

which is more clear as to the intent of the signed message.
passerby (OP)
July 24, 2012, 08:23:31 PM
 #5

>> Does this action pose any risk beyond "it really looks weird" ?
>
> What risk are you thinking might exist?  Exposing your identity or what?

No, I was thinking along the lines of "signing a pubkey hash with privkey looks like an odd idea - I wonder if people more knowledgeable than me know if it will do anything weird"

sebastian
July 25, 2012, 09:40:01 AM
 #6

I understand what the OP is after:

In RSA, there's something called blind signing.

RSA is:
Applying the PRIVKEY to a plaintext, the resulting ciphertext can only be decrypted by applying the PUBKEY to the text.
Applying the PUBKEY to a plaintext, the resulting ciphertext can only be decrypted by applying the PRIVKEY to the text.

Then blind signing is applying a factor X to a key, so the signer does not know the contents of the message.
If the message is M*X, the signature is S*X provided that S is a signature of M.

If E is an encrypted message encrypted with a keypair consisting of PUB A and PRIV B it will be:
Apply A to P and gain E.
An adversary can fool the receiver to decrypt the message as:
E*X.
Send to owner of B.
Owner applies B to E*X and yields P*X.
Adversary removes X by dividing P*X by X, and yields the plaintext P.
More info: http://en.wikipedia.org/wiki/Blind_signature

The OP wonders if there is a similar risk with signing an address with its own key and risking leaking the key or something.

Can say that since the address is a hash of the pubkey, it's NO risk whatsoever to sign the address.
There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.
dooglus
July 25, 2012, 07:03:37 PM
 #7

> There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.

Not if you're signing an ASCII hex representation of the public key, I wouldn't think.

Gavin Andresen
Chief Scientist


July 25, 2012, 07:20:58 PM
 #8

> There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.

"We" thought of that (where "we" was actually Khalahan and Pieter and Gregory, if I recall correctly).

The string "Bitcoin Signed Message:\n" is prepended to the message as salt, then that's SHA256-hashed twice, and the hash is what is signed/verified. Sign anything you like, it won't reveal information about your keys (unless your OpenSSL implementation has a broken random number generator and doesn't generate unique signing nonces).

How often do you get the chance to work on a potentially world-changing project?
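
The digest described in post #8, together with a check for the nonce caveat at the end of that post, as an added example (not code from the thread or from Bitcoin Core). The length bytes written before the prefix and before the message come from how the client serializes both strings before hashing and are not mentioned in the post; the address is a placeholder and the signatures are constructed bytes, not real ones.

```python
import base64
import hashlib
from collections import defaultdict

MAGIC = b"Bitcoin Signed Message:\n"  # prefix quoted in post #8

def compact_size(n: int) -> bytes:
    """Bitcoin's variable-length integer, used here as a length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def signed_message_preimage(message: str) -> bytes:
    """Length-prefixed magic string followed by the length-prefixed message."""
    body = message.encode("utf-8")
    return compact_size(len(MAGIC)) + MAGIC + compact_size(len(body)) + body

def signed_message_digest(message: str) -> bytes:
    """Double SHA-256 of the prefixed message: the 32 bytes ECDSA signs."""
    pre = signed_message_preimage(message)
    return hashlib.sha256(hashlib.sha256(pre).digest()).digest()

def repeated_r_values(signatures_b64):
    """Group 65-byte compact signatures (header || r || s) by r.
    An r that appears with two different s values means a nonce was reused."""
    by_r = defaultdict(set)
    for sig in signatures_b64:
        raw = base64.b64decode(sig)
        if len(raw) != 65:
            raise ValueError("expected a 65-byte compact signature")
        by_r[raw[1:33]].add(raw[33:65])
    return {r.hex(): len(s) for r, s in by_r.items() if len(s) > 1}

# Constructed inputs: a placeholder address string and made-up signature bytes.
ADDRESS = "1ExampleAddressPlaceholderXXXXXXXX"
MESSAGE = f"Hello, {ADDRESS} is the address I just signed with its own key"

def fake_sig(r_byte: int, s_byte: int) -> str:
    raw = bytes([31]) + bytes([r_byte]) * 32 + bytes([s_byte]) * 32
    return base64.b64encode(raw).decode()

SAMPLE_SIGS = [fake_sig(0x11, 0xA1), fake_sig(0x22, 0xB2), fake_sig(0x11, 0xC3)]

if __name__ == "__main__":
    print(signed_message_digest(MESSAGE).hex())
    print(repeated_r_values(SAMPLE_SIGS))
```

The address inside the message is just more bytes fed to the hash, so the signer only ever operates on a 32-byte digest; the audit function flags the one condition post #8 names as dangerous.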