Author: Jochen Hoenicke 2017-08-21 21:36:24
Published on: 2017-08-21T21:36:24+00:00
On August 21, 2017, Greg Sanders via bitcoin-dev proposed a solution to fix a problem with partially signed transactions. He consulted with andytoshi and came up with a solution that works for both cases. The proposal states that when a signing device receives a partially signed transaction, all inputs must come with an ownership proof. For each input ownership proof, the hardware wallet validates each signature over the hashed message, then attempts to "decode" the hash by applying its own private fixed key that only the signing device knows. If the hash doesn't match, it cannot be its own input. The hardware wallet then signs for every input that belongs to it.Jochen raised concerns about x, which is a private fixed key that only the signing device knows. Jochen suggested that x should be public so that the device can verify the signature. It was not clear what exactly is signed with which key and how it is checked. Moreover, one has to make sure that it's not possible to reuse signatures as ownership proof that were made for a different purpose.
Updated on: 2023-06-12T14:59:59.759026+00:00