Actually no pgp, just a public seed
Theoretically a malware could replace your public seed with the hacker's. The only bullet-proof way is to register an account with an offline pgp key (or with a bitcoin key), and sign any payment requests with the key.
Sorry guys, I've been out of town at the MIT Bitcoin Expo this past weekend and haven't even been looking at this thread.
I just want to mention that the "real" solution here is something I've talked about for a while, but no one else in the community seems to be taking it seriously, even though it's perfectly compatible with BIP 32. You provide your BIP32 branch root public key (but not chaincode!), perhaps putting it on your business card. So your business card contains the public key portion of M/i/j, then when you compute address M/i/j/k for someone to pay you, you do all the hashing and crypto, and save off the multiplier just before it is applied to M/i/j. You send the recipient the receiving address
and the multiplier. They can apply the multiplier to the public key on your business card and see that it matches the address given, proving that it's actually part of your wallet. Note that this is perfectly private because the chaincode is not the same as the multiplier, and cannot be computed from the multiplier. It simply allows you to
optionally prove that an address is related to your root public key without leaking any privacy or security information.
Stealth addresses are based on this idea, but don't require any interaction. It lets the sender generate the multiplier for you using ECDH, and then encoding the DH information in an OP_RETURN output. However, it comes at the expense of extra data in the blockchain, and the receiver must scan every transaction in the blockchain with expensive crypto ops to find transactions to his wallet. This doesn't work with lite wallets, and the stealth address discussion has gone through many ideas of outsourcing that computation/search to trusted nodes with enough computing power.
Instead, using this rootkey+multiplier trick, you still have to provide a payment address to the sender, but they can prove to themselves that the address is yours as long as they have verified your root public key at any point in time. This doesn't require any extra computation or embedded blockchain data like stealth addresses do. It is a solid compromise between where we are and what stealth addresses attempt to accomplish.
When I talked about "...and a whole lot more" in my foreshadowing of what the new wallet format will do, that is one of those things we will be supporting. It would allow you to save BIP32 root public key information for various contacts in the wallet, and provide a new (optional) address encoding that proves your addresses are related. In all cases, we are requiring the sender to verify the receiver's address under the assumption that maybe the receiver's own WO wallet has an error or is compromised.
Until then, the best thing you can do is exchange watching-only wallets with parties you interact with frequently, and make sure that any payment addresses they send you appear in the WO wallet you have for them. Armory already gives you a way to watch multiple wallets and mark who they belong to. Out-of-band verification of payment addresses (such as phone call) would be recommended for exceptionally large transactions.
P.S. - This proposal does not have a
compact extension into P2SH multisig, but it is still possible. Your company would actually have, say, 5 public keys associated with the company address (because the company uses a 3-of-5). The sender would receive 5 multipliers, apply the multipliers to verify each one, and then sort the resulting public keys and create the P2SH-multisig themselves. There's no loss of privacy there, just a lot more data needing to be moved between parties to do the verification.
P.P.S - You would most likely include a much shorter hash on your business card, and then supply the root key(s), multiplier(s) and payment address all at once. They would hash the root key(s) to make sure it matches your business card, then follow the process above.
