Bitcoin Forum
Topic: Using sign feature: is there a risk in signing the address itself?
passerby (OP)
July 24, 2012, 08:01:19 PM
 #1

Hello!

I have a question:
Let's say I have a bitcoin address B
Its corresponding private key is kB

Let's say I sign a message that contains B, such as "Hello, B is the address I just signed with its own key" with kB.

Does this action pose any risk beyond "it really looks weird" ?
gmaxwell
July 24, 2012, 08:12:36 PM
 #2

> Let's say I have a bitcoin address B
> Its corresponding private key is kB
> Let's say I sign a message that contains B, such as "Hello, B is the address I just signed with its own key" with kB.
> Does this action pose any risk beyond "it really looks weird" ?

Nope, it's safe, all signing is on a hash of the message, and it's assumed that a malicious party may be supplying the strings you sign. Though why do you think it looks weird?
Stephen Gornick
July 24, 2012, 08:16:32 PM
 #3

> Does this action pose any risk beyond "it really looks weird" ?

What risk are you thinking might exist?  Exposing your identity or what?

DeathAndTaxes
July 24, 2012, 08:18:57 PM
 #4

The only risk is that it is completely vague.

Generally you sign something specific.  Signing something as vague as an address has no real value.  What does it mean?  What can an attacker convince someone it means?

Example:

"I passerby for order #123456 wish to receive a pink pony".

"random Bitcoin address"

which is more clear as to the intent of the signed message.
passerby (OP)
July 24, 2012, 08:23:31 PM
 #5

> > Does this action pose any risk beyond "it really looks weird" ?
>
> What risk are you thinking might exist?  Exposing your identity or what?

No, I was thinking along the lines of "signing a pubkey hash with privkey looks like an odd idea - I wonder if people more knowledgeable than me know if it will do anything weird"

sebastian
July 25, 2012, 09:40:01 AM
 #6

I understand what the OP is after:

In RSA, there's something called blind signing.

RSA is:
Applying the PRIVKEY to a plaintext, the resulting ciphertext can only be decrypted by applying the PUBKEY to the text.
Applying the PUBKEY to a plaintext, the resulting ciphertext can only be decrypted by applying the PRIVKEY to the text.

Then blind signing is applying a factor X to a key, so the signer does not know the contents of the message.
If the message is M*X, the signature is S*X provided that S is a signature of M.

If E is an encrypted message encrypted with keypair consisting of PUB A and PRIV B it will be:
Apply A to P and gain E.
An adversary can fool the receiver to decrypt the message as:
E*X.
Send to owner of B.
Owner applies B to E*X and yields P*X.
Adversary removes X by dividing P*X by X, and yields the plaintext P.
More info: http://en.wikipedia.org/wiki/Blind_signature



The OP wonders if there is a similar risk with signing an address with its own key and risking leaking the key or something.

Can say that since the address is a hash of the pubkey, it's NO risk whatsoever to sign the address.
There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.
dooglus
July 25, 2012, 07:03:37 PM
 #7

> There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.

Not if you're signing an ASCII hex representation of the public key, I wouldn't think.

Gavin Andresen
July 25, 2012, 07:20:58 PM
 #8

> There MIGHT be risks with signing public/private keys, but I don't know enough about ECDSA to prove it false or true.

"We" thought of that (where "we" was actually Khalahan and Pieter and Gregory, if I recall correctly).

The string "Bitcoin Signed Message:\n" is prepended to the message as salt, then that's SHA256-hashed twice, and the hash is what is signed/verified. Sign anything you like, it won't reveal information about your keys (unless your OpenSSL implementation has a broken random number generator and doesn't generate unique signing nonces).

How often do you get the chance to work on a potentially world-changing project?
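
Added example, not part of the original thread and not Bitcoin's own code: the digest construction described in post #8, plus a check for the one failure that post names, repeated signing nonces, which show up as repeated r values. The function names are hypothetical, the length prefixes follow Bitcoin Core's string serialization (a detail the post does not spell out), and the address and signature bytes are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

MAGIC = b"Bitcoin Signed Message:\n"  # prefix quoted in the post above


def compact_size(n: int) -> bytes:
    """Bitcoin's variable-length integer, used here as a length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def signed_message_digest(message: str) -> bytes:
    """Double SHA-256 of the length-prefixed magic plus length-prefixed message."""
    body = message.encode("utf-8")  # assumption: message text is UTF-8
    preimage = compact_size(len(MAGIC)) + MAGIC + compact_size(len(body)) + body
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()


def reused_r_values(signatures_b64):
    """Group 65-byte compact signatures (header || r || s) by their r value.

    Signatures from one key over different digests that share r were made
    with the same nonce, which is the failure the post warns about.
    """
    by_r = defaultdict(list)
    for index, sig_b64 in enumerate(signatures_b64):
        raw = base64.b64decode(sig_b64, validate=True)
        if len(raw) != 65:
            raise ValueError(f"signature {index}: expected 65 bytes, got {len(raw)}")
        by_r[raw[1:33]].append(index)
    return {r.hex(): idxs for r, idxs in by_r.items() if len(idxs) > 1}


if __name__ == "__main__":
    # Constructed placeholder address; it is hashed like any other text.
    msg = "Hello, 1PlaceholderAddress is the address I just signed with its own key"
    print(signed_message_digest(msg).hex())
    # Constructed byte strings in the compact layout, not real signatures.
    sigs = [base64.b64encode(bytes([31]) + r * 32 + s * 32).decode()
            for r, s in [(b"\x11", b"\x22"), (b"\x33", b"\x44"), (b"\x11", b"\x55")]]
    print(reused_r_values(sigs))
```

Because the signer only ever sees this prefixed digest, a message that happens to contain the address or public key is treated like any other string; a shared r is only a concern when the signed digests differ, since deterministic signers repeat r for an identical message.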