How to prove to someone that an Bitcoin address (or UTXO) belongs to you? - page 3.

aliashraf

legendary

Activity: 1456

Merit: 1175

Always remember the cause!

Quote from: jak3 on April 27, 2019, 04:12:11 PM

If you have the private key of your wallet then you can use that private key to sign a message. Maybe you have seen the PGP keys out here in this forum before, those are encrypted messages which can be viewed with your public key but can only be unlocked or in this case signed from your private key. And as we know private keys are what truly makes you the owner of the Bitcoin address.
https://bitcoinmagazine.com/articles/bitcoin-address-sign-1399914228/
Try this article to find out more about how this signing addresses works and how to perform them.

To use a signed message as a proof of ownership of a bitcoin address, you need to disclose the public key behind that address otherwise how the other party would be able to verify your signature?

Disclosing public keys is not recommended practice in bitcoin community (don't take bob123 much serious Grin

) it is why we discourage address re-use, Actually a very effective proposal about signing multiple utxos (with a same output address) using a single signature has been abandoned just because og its potential of encouraging address re-use.

PGP keys typically use very higher security levels (like 4096 bits) compared to bitcoin ECDSA 256k1 and it is why people are more relaxed about sharing their public keys.

jak3

legendary

Activity: 1274

Merit: 1004

If you have the private key of your wallet then you can use that private key to sign a message. Maybe you have seen the PGP keys out here in this forum before, those are encrypted messages which can be viewed with your public key but can only be unlocked or in this case signed from your private key. And as we know private keys are what truly makes you the owner of the Bitcoin address.
https://bitcoinmagazine.com/articles/bitcoin-address-sign-1399914228/
Try this article to find out more about how this signing addresses works and how to perform them.

aliashraf

legendary

Activity: 1456

Merit: 1175

Always remember the cause!

Quote from: bob123 on April 26, 2019, 02:27:11 AM

---

I strongly recommend reading for you instead of posting here. Cheesy

The concerns I kisted in my post are not personal, they are common concerns among cryptographers including bitcoiners, Check this one for instance https://git.libssh.org/projects/libssh.git/tree/doc/[email protected]#n4

It is very bad attitude to talk about subjects that one has no background about. In the context of this topic, disclosing public keys is not recommended by prominent bitcoiners exactly because of the security concerns I've mentioned above and your comment is not only worthless but also misleading and causes confusion. Drive safe. Wink

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: aliashraf on April 25, 2019, 01:29:46 PM

1- Bitcoin uses ECDSA 256k1 which is not considered very strong compared to electronic signature schemes currently employed with 2048 bits length and more.

Which 'electronic' signature schemes are you exactly talking about ?
I hope you are not talking about RSA..

Quote from: aliashraf on April 25, 2019, 01:29:46 PM

2- Many implementation bugs have been identified (and fixed, thanks god) in ECDSA key generation libraries

Like you wrote... in libaries.

Some random developer wrote a buggy libary which allowed room for exploitation.. So.. how is this related to ECDSA / bitcoin at all ?

Quote from: aliashraf on April 25, 2019, 01:29:46 PM

3- Many authors have suggested conspiracy theories about NSA implementing back doors in the whole ECDSA algorithm and/or related software/hardware.

And the government controls all of our brains with the help of chemtrails!

Please.. for the sake of satoshi.. stop posting so much retarded misinformation. That hurts reading.

Jean_Luc

sr. member

Activity: 462

Merit: 701

Quote from: aliashraf on April 25, 2019, 02:08:49 PM

QC is not the problem (not now) but your estimate about "billions of years" is not correct. There are good reasons to avoid re-using bitcoin addresses:

Breaking ESDA is about prime factorization and not brute forcing sha2, hence it has nothing to do with ASICs used in bitcoin network. It is an active research field in mathematics and although it is hard to believe in discovery of a magical algorithm improvements are absolutely possible. Meanwhile Moore law is still working and attack costs are decreasing constantly.

This was just a comparison, if you consider having an equivalent power to the whole BTC network with ASIC dedicated to ECC (not SHA2) , breaking a single key would require several billions of years using the faster algorithm known today.
I agree with you, the most probable thing is that someone find the way to solve ECDLP in polynomial time and space, in that case, bitcoin would die immediately.

Quote from: aliashraf on April 25, 2019, 02:08:49 PM

More importantly, it is not just about the algorithm itself, side channel/implementation dependent attacks are another serious class of threats.

In that case, your address is also not safe.

Quote from: aliashraf on April 25, 2019, 02:08:49 PM

And we have conspiracy theories about NSA and its history of implanting back doors in its products.

Don't worry about that ! You can check the order of the curve, its embedding degree, primitive roots of unity, etc,... all is ok !

Quote from: aliashraf on April 25, 2019, 02:08:49 PM

Finally, there is no reason to encourage disclosure of public keys and becoming exposed to various range of potential attacks specially when it comes to sensitive utxos which are supposed to stay live for long times and hold significant amounts of bitcoin.

There is also no reason today to discourage exposure of public key.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: aliashraf on April 25, 2019, 08:30:05 AM

You need to:
1- generate a new address/wallet
2- announce the address to other party
3- transfer funds from the original utxo to new address

this method is not good at all because first of all it forces you to create an unnecessary on-chain transaction and pay fees, specially nowadays that fees are shooting up again.
secondly it is not reliable since it can be faked. you have no way of knowing whether the sending address or receiving address belong to the person trying to prove ownership.

Quote

Note: Signing a message with your private key is not safe because you need to disclose the corresponding pubkey (which your address is its RIPEMD-160 hash).

you don't exactly disclose your pubkey, not directly anyways. you only reveal your signature and your public key can be found from that. and more importantly you can NOT call it "not safe" because it is perfectly safe, as safe as millions of translations that have been made so far. in other words just because some day ECDSA may be broken doesn't mean it is not safe today.

aliashraf

legendary

Activity: 1456

Merit: 1175

Always remember the cause!

Quote from: Jean_Luc on April 25, 2019, 01:45:32 PM

No risk to expose the pubkey. No powerful enough quantum computer exists today. Creating a true 256 qbit register is technically as hard as solving ECDLP256 with a classic supercomputer. If you consider a specific supercomputer (based on ASIC dedicated to ECC) with an equivalent power of the whole BTC network, solving a single key would require several billion years.

QC is not the problem (not now) but your estimate about "billions of years" is not correct. There are good reasons to avoid re-using bitcoin addresses:

Breaking ESDA is about prime factorization and not brute forcing sha2, hence it has nothing to do with ASICs used in bitcoin network. It is an active research field in mathematics and although it is hard to believe in discovery of a magical algorithm improvements are absolutely possible. Meanwhile Moore law is still working and attack costs are decreasing constantly.

More importantly, it is not just about the algorithm itself, side channel/implementation dependent attacks are another serious class of threats.

And we have conspiracy theories about NSA and its history of implanting back doors in its products.

Finally, there is no reason to encourage disclosure of public keys and becoming exposed to various range of potential attacks specially when it comes to sensitive utxos which are supposed to stay live for long times and hold significant amounts of bitcoin.

Jean_Luc

sr. member

Activity: 462

Merit: 701

No risk to expose the pubkey. No powerful enough quantum computer exists today. Creating a true 256 qbit register is technically as hard as solving ECDLP256 with a classic supercomputer. If you consider a specific supercomputer (based on ASIC dedicated to ECC) with an equivalent power of the whole BTC network, solving a single key would require several billion years.

aliashraf

legendary

Activity: 1456

Merit: 1175

Always remember the cause!

Quote from: ?? on ??

AFAIK ZKP isn't possible, either use method mentioned by CodyAlfaridzi or aliashraf

Quote from: aliashraf on April 25, 2019, 08:30:05 AM

Note: Signing a message with your private key is not safe because you need to disclose the corresponding pubkey (which your address is its RIPEMD-160 hash).

Good point, but it's not like Quantum Computer which can guess ECDSA's private key from it's public exist (yet).

Although QC is not commercially available for now in cases that the wallet holds large amounts of bitcoin and is supposed to be untouched for years (like Satoshi's wallets) disclosing public key is not recommended because:

1- Bitcoin uses ECDSA 256k1 which is not considered very strong compared to electronic signature schemes currently employed with 2048 bits length and more. Besides QC, traditional supercomputers and sophisticated algorithms increasingly push for breaking longer and longer key lengths in feasible time.

2- Many implementation bugs have been identified (and fixed, thanks god) in ECDSA key generation libraries that allow hackers to run side channel attacks against them, there is no guarantee for this not to occur again, a disclosed public key provides the basis and multiple instances of signed messages escalates the problem.

3- Many authors have suggested conspiracy theories about NSA implementing back doors in the whole ECDSA algorithm and/or related software/hardware.

AB de Royse777

legendary

Activity: 2464

Merit: 3878

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: ?? on ??

AFAIK ZKP isn't possible, either use method mentioned by CodyAlfaridzi or aliashraf

Quote from: aliashraf on April 25, 2019, 08:30:05 AM

Note: Signing a message with your private key is not safe because you need to disclose the corresponding pubkey (which your address is its RIPEMD-160 hash).

Good point, but it's not like Quantum Computer which can guess ECDSA's private key from it's public exist (yet).

After reading the response about signing an address, is it really risky exposing pubkey? I mean even with the Quantum Computing? Just wanted to 100% sure coz I see people sign their address to prove ownership of the address and I have done that to in several occasions.

And I bet most of us did the same.

khaled0111

legendary

Activity: 2702

Merit: 3045

Top Crypto Casino

Quote from: aliashraf on April 25, 2019, 08:30:05 AM

...

As aliashraf said, it is better to send a small amount of btc (dust) you agree on on advance to a new address generated by the other party.

I don't think exposing your pubkey by signing a message is a real risk though, at least for now, but "better be safe than sorry".

aliashraf

legendary

Activity: 1456

Merit: 1175

Always remember the cause!

Quote from: Staizita on April 25, 2019, 06:48:16 AM

How to prove to someone that an Bitcoin address (or UTXO) belongs to you?

Are there (ZK) methods to prove it?

Does anyone know?

You need to:
1- generate a new address/wallet
2- announce the address to other party
3- transfer funds from the original utxo to new address

Note: Signing a message with your private key is not safe because you need to disclose the corresponding pubkey (which your address is its RIPEMD-160 hash).

CodyAlfaridzi

hero member

Activity: 1708

Merit: 541

Sign a message with your Bitcoin address.

How to sign a message?!

Staizita

newbie

Activity: 13

Merit: 4

How to prove to someone that an Bitcoin address (or UTXO) belongs to you?

Are there (ZK) methods to prove it?

Does anyone know?

Topic: How to prove to someone that an Bitcoin address (or UTXO) belongs to you? - page 3. (Read 1139 times)