Published on: 2015-10-05T19:36:05+00:00
The discussion revolves around the use of extended public keys in multisig arrangements following the BIP-45 specification. It is mentioned that using the same derivation for all multi-signature accounts simplifies the workflow, but it becomes harder to restore the wallet if all information except for the mnemonic and extended public keys is lost.In an email exchange, Jean-Pierre Rupp expresses concern about a privacy issue in BIP-45. He explains that reusing the same set of public keys allows all cosigners to monitor each other's multi-signature activity. Matias Alejo Garcia responds, stating that each party can see the transaction history of the shared wallet but should use different xpubs for other wallets.The context includes a PGP signed message discussing the use of extended public keys in multisig arrangements. It suggests Pedro participating in a 2-of-2 cosigning arrangement with a merchant, using the same extended public key derived from path m/45'. The message discusses the difference between using m/i'/45' and m/45' within a BIP45 wallet like Copay.A multisig account is explained as an agreement between cosigners requiring a set number of signatures. It follows the BIP-45 specification, and each cosigner's address public key is obtained from the master key's derivation path. Reusing the same set of extended public keys is not required or recommended by BIP45. Each signing party needs the extended public keys of all other parties, and they can see the transaction history of the shared wallet.On October 4, 2015, Thomas Kerin suggests amending BIP45, but he is informed that BIPs are not amended after the fact. Instead, it may be best to write a new BIP specifying a "pseudorandom & deterministic path generation for HD/multi-signature accounts. "A developer raises concerns about the privacy issue caused by reusing public keys in multi-signature addresses restored from a seed. A possible solution is proposed, involving sorting and hashing the public keys to build a derivation path. However, it is noted that unless users establish a single co-signing account, this scheme will result in public key reuse and privacy degradation.The context also mentions the author reviewing BIP-45 and identifying a privacy issue with using the same extended public key for all multi-sig activity. They suggest including privacy and security degradation due to increased public key reuse in the BIP-45 document. They propose a solution involving sorting and hashing public keys to avoid sharing them.The email concludes with an invitation for feedback on the team's approach to building Copay, a multisignature P2SH HD wallet. The team outlines their assumptions and general address generation procedure. They also discuss lexicographically sorting public keys and the need for a non-hardened version of the purpose for the path.
Updated on: 2023-08-01T16:29:01.179451+00:00