Jonathan Underwood [ARCHIVE] on Nostr: ๐ Original date posted:2019-06-26 ๐ Original message:Hello all, Just wanted to ...
๐
Original date posted:2019-06-26
๐ Original message:Hello all,
Just wanted to pick your brains about an idea for PSBT extension.
One problem we try to solve with cold -> warm and warm -> hot sends for our
exchange wallet is "How do I know that the address I am sending to is not a
hacker's address that was swapped in between unsigned tx creation and first
signature?"
We have a proprietary JSON based encoding system which we are looking to
move towards PSBT, but PSBT is missing this key functionality.
BIP32_DERIVATION does allow us to verify the address is from a certain
XPUB, but, for example, it can not allow us to verify a signature of that
xpub.
I have made a rough draft of the proposed key value specification.
https://github.com/junderw/bips/blob/addXpubSig/bip-0174.mediawiki#specification
The signing key path used in the spec is just randomly chosen 31 x 4 bits
shown as numbers with hardened paths.
Since this issue seems similar to the change address issue, I started from
that as a base. With the HW wallet case, I can verify the xpub by just
deriving it locally and comparing equality, however, in our case, we need
to verify an xpub that we do not have access to via derivation from our
cold key(s) (since we don't want to import our warm private key into our
cold signer)
So the flow would be:
1. Securely verify the xpub of the warm / hot wallet.
2. Using the airgap signing tool, sign the xpub with all cold keys.
3. Upload the signature/xpub pairs to the online unsigned transaction
generator.
4. Include one keyval pair per coldkey/xpub pairing.
5. When offline signing, if the wallet detects there is a global keyval
XPUB_SIGNATURE with its pubkey in the key, it must verify that all outputs
have BIP32_DERIVATION and that it can verify the outputs through the
derivation, to the xpub, and to the signature.
In my attempt to fitting this into PSBT, I am slightly altering our current
system, so don't take this as an indication 100% of how we work in the
backend.
However, I would like to hear any feedback on this proposal.
Thanks,
Jonathan
--
-----------------
Jonathan Underwood
ใใใใใณใฏ็คพ ใใผใใใใใณใคใณใชใใฃใตใผ
-----------------
ๆๅทๅใใใกใใปใผใธใใ้ใใฎๆนใฏไธ่จใฎๅ ฌ้้ตใใๅฉ็จไธใใใ
ๆ็ด: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190627/82c9ecc0/attachment.html>;
๐ Original message:Hello all,
Just wanted to pick your brains about an idea for PSBT extension.
One problem we try to solve with cold -> warm and warm -> hot sends for our
exchange wallet is "How do I know that the address I am sending to is not a
hacker's address that was swapped in between unsigned tx creation and first
signature?"
We have a proprietary JSON based encoding system which we are looking to
move towards PSBT, but PSBT is missing this key functionality.
BIP32_DERIVATION does allow us to verify the address is from a certain
XPUB, but, for example, it can not allow us to verify a signature of that
xpub.
I have made a rough draft of the proposed key value specification.
https://github.com/junderw/bips/blob/addXpubSig/bip-0174.mediawiki#specification
The signing key path used in the spec is just randomly chosen 31 x 4 bits
shown as numbers with hardened paths.
Since this issue seems similar to the change address issue, I started from
that as a base. With the HW wallet case, I can verify the xpub by just
deriving it locally and comparing equality, however, in our case, we need
to verify an xpub that we do not have access to via derivation from our
cold key(s) (since we don't want to import our warm private key into our
cold signer)
So the flow would be:
1. Securely verify the xpub of the warm / hot wallet.
2. Using the airgap signing tool, sign the xpub with all cold keys.
3. Upload the signature/xpub pairs to the online unsigned transaction
generator.
4. Include one keyval pair per coldkey/xpub pairing.
5. When offline signing, if the wallet detects there is a global keyval
XPUB_SIGNATURE with its pubkey in the key, it must verify that all outputs
have BIP32_DERIVATION and that it can verify the outputs through the
derivation, to the xpub, and to the signature.
In my attempt to fitting this into PSBT, I am slightly altering our current
system, so don't take this as an indication 100% of how we work in the
backend.
However, I would like to hear any feedback on this proposal.
Thanks,
Jonathan
--
-----------------
Jonathan Underwood
ใใใใใณใฏ็คพ ใใผใใใใใณใคใณใชใใฃใตใผ
-----------------
ๆๅทๅใใใกใใปใผใธใใ้ใใฎๆนใฏไธ่จใฎๅ ฌ้้ตใใๅฉ็จไธใใใ
ๆ็ด: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190627/82c9ecc0/attachment.html>;