What is Nostr?
Jean-Pierre Rupp [ARCHIVE] /
npub1ymm…30qh
2023-06-07 17:42:21
in reply to nevent1q…m2uc

Jean-Pierre Rupp [ARCHIVE] on Nostr: 📅 Original date posted:2015-10-04 📝 Original message:I have a possible ...

📅 Original date posted:2015-10-04
📝 Original message:I have a possible solution:

Take all public keys encoded in the purpose-specific extended public
keys (m/45') of all cosigners and sort them lexicographically, according
to BIP-45. Serialize this information and calculate its HASH160
(RIPEMD160 ∘ HASH256). Split the output in five 32-bit chunks, setting
the MSB on all of them to 0. Use these 32-bit chunks to build a
derivation path from the purpose-specific extended public keys. Treat
this derivation path as if it was the purpose-specific extended public
key in BIP-45.

This scheme will avoid public key sharing, and as long as you share your
purpose-specific extended public key only with your cosigners, it should
be relatively hard for a passive observer to link activity between
different cosigning accounts.

On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:
> Hello,
>
> I have been reviewing BIP-45 today. There is a privacy problem with it
> that should at least be mentioned in the document.
>
> When using the same extended public key for all multisig activity, and
> dealing with different cosigners in separate multisig accounts, reuse of
> the same set of public keys means that all cosigners from all accounts
> will be able to monitor multisig activity from every other cosigner, in
> every other account.
>
> Besides privacy considerations, HD wallet's non-reuse of public keys
> provide some defence against wallets that do not implement deterministic
> signing, and use poor entropy for signature nonces.
>
> Unless users are expected to establish a single cosigning account, this
> scheme will result in reuse of public keys, and degradation of privacy.
>
> I understand that for convenience it is useful to have a single extended
> public key that can be handed to every cosigner. This makes setting up
> accounts or recovering from data loss a easier.
>
> I suggest that privacy & potential security degradation due to increased
> public key reuse in the case of users with multiple multisig accounts
> should get a mention in the BIP-45 document.
>
> Greetings
Author Public Key
npub1ymm7v2axmjgetkqvh6l7900qnk5za089fcu7snzsw6f5wzy55e5s3v30qh