Published on: 2019-07-23T05:03:32+00:00
Jonathan Underwood, Chief Bitcoin Officer at Bitbank Co., Ltd., has opened a discussion on GitHub proposing an extension to Partially Signed Bitcoin Transactions (PSBT): a key-value specification that lets a signer verify that the destination address of a transaction has not been compromised, with the motivating case being funds moved between cold and warm/hot wallets. BIP32_DERIVATION can show that an address derives from a specific xpub, but it cannot verify a signature over that xpub. The proposed scheme has the cold side securely verify the warm/hot wallet's xpub using an airgap signing tool, upload the resulting signature/xpub pairs to the online unsigned-transaction generator, and include one key-value pair per coldkey/xpub pairing in each PSBT.

The same idea is extended to multisig: all signers of a wallet sign one another's xpubs, and the signed xpubs are included in every transaction, so that each signer is aware of every key involved. Building on the 0x01 global type proposed by Andrew Chow for verifying change with multisig, Jonathan proposes signing each other's xpubs and creating a wallet that requires the other pubkeys to carry signatures via his 0x02 proposal. The drawback is having to include n! (of m-of-n) signatures in every PSBT.

On one-of-one multisig, Jonathan argues that explicitly signing the data is more secure, even where the difference is already apparent outside the signed data. Dmitry Petukhov suggests using 0 as the indicator for serial numbers and requiring m=1 for the single-sig case; Jonathan notes that 0x00 represents single-sig and 0x01 represents multisig. The discussion also considers using the redeem/witness script to distinguish multisig from single-sig.

On the proposed field key format, Dmitry Petukhov suggests replacing the signing public key with a fingerprint of the master key to save bytes. It is pointed out that anyone other than the signer would then need to know the signing_pubkey beforehand in order to verify. The decision is to use the first 4 bytes of the hash160 of the pubkey as the fingerprint.

A central concern is partial compromise: if one key of a multisig wallet is stolen, previously signed xpub packages must not remain usable by an attacker, so signatures need a revocation mechanism and whitelisted pubkeys need somewhere to be stored. A hardware wallet could store at least one counter and keep richer state externally, although holding a large enough state in the RAM of a resource-constrained device may be a problem. Another idea is to add a serial number to the xpub package, or to show the hardware wallet a specific 'epoch' word, so that packages signed with a key that is later compromised can be revoked; this may require a separate BIP.

To avoid making the core PSBT specification too large, it is suggested that these schemes be handled outside it, as 'PSBT metainformation' or in vendor-specific fields.

Overall, the proposed extension aims to improve the address verification process and raise the security of HD wallets. Jonathan Underwood has invited feedback and suggestions for improvement.
Updated on: 2023-08-02T01:01:27.845359+00:00