Revisiting this topic. While changing the protocol to allow transactions with implicit public key recovery is worthwhile, it would be a breaking change, so I understand not moving on this. However, there is absolutely no reason for the Bitcoin-Core client to require an address when verifying the signature. The PubKey can be recovered from the signature, the PubKeyHash produced from that, and then the address generated from that.
Can anyone think of any reason why the Bitcoin client requires the user provide the address (something it can and already does compute)?
I would add the UI in the core client for this section is not user friendly. A user verifying a signature has to copy and paste three separate components into three different boxes (one of which is pointless). How about a unified copy and paste of a single signed message block?
Why not have the user supply the message & signature (preferably in a unified encoded form, i.e. similar to a PGP signed message) and then the client verifies the signature and computes and displays the results?
An example which puts it all together.
Input
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is an example of a signed message.
-----BEGIN BITCOIN SIGNATURE-----
HHfUi9n72BxXottUu+AbU4iS0QQLxPtAtuydgRcjc+XoY9Hzw8u6Z+wbzDV+owVLiQR85OwioPcUVJcT+LHjqCE=
-----END BITCOIN SIGNATURE-----
and the client responds with either
Message verified to be signed by 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
or
Message not verified. Please double check signed message is copied in its entirety including the BEGIN and END lines.
Brainwallet.org has something similar and is more intuitive than the Bitcoin Core client. Still, even the brainwallet website adds a "warning" that is pointless and vague.
Message verified to be from 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T (but address was not found in the signature!)
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is an example of a signed message.
-----BEGIN BITCOIN SIGNATURE-----
HHfUi9n72BxXottUu+AbU4iS0QQLxPtAtuydgRcjc+XoY9Hzw8u6Z+wbzDV+owVLiQR85OwioPcUVJcT+LHjqCE=
-----END BITCOIN SIGNATURE-----
The address is not found in the signature? Is that bad? Should I be worried? Am I being scammed? To most users, yellow is a color of caution. The expected outcome would be a definitive "SUCCESS" (and green) but instead there is this ambiguous partial success. The "yellow" response is pointless as anyone can add the address in after the signature is created to remove the warning. So what is it warning about? Adding the address 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T just above the signature looks like this and provides the expected "good" response.
Message verified to be from 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is an example of a signed message.
-----BEGIN BITCOIN SIGNATURE-----
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
HHfUi9n72BxXottUu+AbU4iS0QQLxPtAtuydgRcjc+XoY9Hzw8u6Z+wbzDV+owVLiQR85OwioPcUVJcT+LHjqCE=
-----END BITCOIN SIGNATURE-----
The "caution" response only undermines the point of even allowing signatures that don't include the (unnecessary) address. Imagine you are a company which sends out signed messages to customers. Let's use the 80/20 rule. If you exclude the address, 80% of your users will understand the "warning" is pointless; however, that means you are going to confuse 20% of your customers, and that means extra cost and work. So why not just include the (pointless) address so it shows up as green.
Still the behavior isn't as bad as the core client which refuses to validate the signatures and throws an error.
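An added example, not part of the original post and not code from Bitcoin Core or brainwallet: a parser for the unified signed-message block described above, returning the inputs a verifier needs for public key recovery (r, s, recovery id, message digest). The function names are hypothetical; the digest uses the "Bitcoin Signed Message:\n" prefix and the header byte range 27 to 34 used by the client's signmessage format, and the optional address line is reported only as a claim because it sits outside the signed data.

```python
import base64
import hashlib

BEGIN_MSG = "-----BEGIN BITCOIN SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN BITCOIN SIGNATURE-----"
END_SIG = "-----END BITCOIN SIGNATURE-----"

def varint(n):
    # Bitcoin compact-size length prefix (messages under 64 KiB only).
    return bytes([n]) if n < 0xfd else b"\xfd" + n.to_bytes(2, "little")

def message_digest(text):
    # Double SHA-256 over the length-prefixed magic string and message.
    msg = text.encode("utf-8")
    magic = b"Bitcoin Signed Message:\n"
    data = varint(len(magic)) + magic + varint(len(msg)) + msg
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def parse_signed_block(block):
    lines = [l.rstrip("\r") for l in block.strip().split("\n")]
    if lines[0] != BEGIN_MSG or lines[-1] != END_SIG or BEGIN_SIG not in lines:
        raise ValueError("missing BEGIN/END lines; block not copied in full")
    # Use the last signature marker so a message may quote the marker itself.
    split = max(i for i, l in enumerate(lines) if l == BEGIN_SIG)
    message = "\n".join(lines[1:split])
    trailer = [l.strip() for l in lines[split + 1:-1] if l.strip()]
    if not 1 <= len(trailer) <= 2:
        raise ValueError("expected an optional address line and a signature")
    sig = base64.b64decode(trailer[-1], validate=True)
    if len(sig) != 65 or not 27 <= sig[0] <= 34:
        raise ValueError("not a 65-byte recoverable signature")
    return {
        "message": message,
        # Unsigned hint: compare it with the recovered address, never trust it.
        "claimed_address": trailer[0] if len(trailer) == 2 else None,
        "recovery_id": (sig[0] - 27) & 3,
        "compressed_key": sig[0] >= 31,
        "r": int.from_bytes(sig[1:33], "big"),
        "s": int.from_bytes(sig[33:], "big"),
        "digest": message_digest(message),
    }

# The signed block quoted in the post.
SAMPLE = """-----BEGIN BITCOIN SIGNED MESSAGE-----
This is an example of a signed message.
-----BEGIN BITCOIN SIGNATURE-----
HHfUi9n72BxXottUu+AbU4iS0QQLxPtAtuydgRcjc+XoY9Hzw8u6Z+wbzDV+owVLiQR85OwioPcUVJcT+LHjqCE=
-----END BITCOIN SIGNATURE-----"""
```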