Author: Craig Raw 2022-07-21 07:06:08
Published on: 2022-07-21T07:06:08+00:00
The lack of standardization for Segwit message signatures has been addressed by Ali Sherief, who proposed creating a BIP to set guidelines for writing a message signing and verification procedure. While it is technically possible to sign and verify segwit addresses, there is no generally-accepted standard for doing so. This has led wallets that do support this feature to simply insert the segwit address into the address field. Verification only works using the procedure on that specific wallet software because conventional tools for verifying messages attempt to reconstruct a legacy address only. This BIP proposal is not going to enforce anything but rather set guidelines for writing a message signing and verification procedure. It does not replace, supersede, or obsolete BIPs 173 or 322. The proposal aims to standardize the practice of placing the segwit address into the address field, without requiring alterations to the message signing format like those BIPs. In the verification part, the following address hashing algorithms will be tried in sequence in an attempt to reconstruct the address in the signed message: P2PKH (legacy address), P2WPKH-P2SH (nested segwit), and P2WPKH with version from 0 to MAX_WITNESS_VERSION. The verification procedure stops if any of these hashes yield the correct address and fails if all of the above methods fail to reproduce the address in the signed message.In the signing procedure, the only modification is the insertion of the segwit address in place of the legacy address in the signed message. If this BIP is approved, it does not require any changes to existing signed messages, and the original sign/verify algorithms will continue to interoperate with this improved sign/verify algorithm, without any action necessary from the developers.It was noted that COLDCARD makes signatures exactly like that when told to sign with a segwit address, using Sparrow to verify this signature. However, there are no known "verifiers" that will accept the signature provided by Peter (Coinkite Inc). The approach used is to convert the message and signature to a public key, trying first BIP137 and then the approach used by Electrum. The script type is extracted from the provided address and compared against the address constructed with the public key using the same script type.Lastly, it was mentioned that there is no BIP for the original signing method, as it was directly from Satoshi himself when the original client was written. A related issue is the "ascii armor" that is sometimes used, where newline-treatment isn't defined well enough for good interoperability.
Updated on: 2023-06-15T23:01:26.909272+00:00