
Topic: [Proposal?] Public keys availability for watch-only wallets (Read 96 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
1. Maybe there's no function to extract the public key from a signature.
Maybe? Is this something new that comes with Taproot or Schnorr signatures? Because I'm completely unaware of those two. As far as I know, you can extract the public key of a scriptSig to verify the message.

You're missing the point: why would ElectrumX extract and index public keys when the Electrum client sends an address and asks for the related transactions?

How should ElectrumX handle scripts which contain multiple signatures or no signature?
How could one spend an output without proving it with a signature? I may have misunderstood this. As for the multi-signature, it could show any key that is exposed from the specified address. Maybe not all of them, if it's not a N-of-N multi-sig.

That depends on how the script is created. But usually it's used as a puzzle/challenge/bounty where you need to do something such as find a hash collision or find the correct number.
legendary
Activity: 3444
Merit: 10558
There is no point in the Electrum nodes storing anything extra for something that is not really needed by users (ie. requesting public key).
Additionally, if you want your public key, then your wallet, which knows both your address and your transaction history, can easily extract it from any of the outgoing transactions locally, without needing the node it connects to to do it for it.

There are very simple steps that could be added to the code:
1. Find a single outgoing transaction (a tx spending your coins)
2. Search among the inputs to see which one belongs to your wallet
[Electrum already performs these two steps]
3. Fetch the wallet/address type then the corresponding hard-coded signature script pattern that this type uses.
4. Evaluate and extract public key(s) that belong to that address.

For example if the third input of the tx is from your address that is of type P2SH-P2WPKH then the second witness stack item of the third witness is your public key.
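The four steps above, carried out in Python as an added example (not Electrum's or ElectrumX's own code): parse a raw transaction, keep only the inputs whose outpoints the wallet already knows it owns (steps 1 and 2, the part Electrum already does from its history), then read the key(s) from the slot that each address type's unlocking script fixes (steps 3 and 4), including the P2SH-P2WPKH case from the post, where the pubkey is the second witness item. It also covers the multisig question raised earlier in the thread: spending a P2SH or P2WSH multisig reveals the whole redeem/witness script, so all N keys come out, not just the signers'. The transaction, keys, signatures, txids and address labels (`addr_A` etc., `MY_UTXOS`, `build_sample_tx`) are constructed for the example; signatures are never verified.

```python
import io

def _read(r: io.BytesIO, n: int) -> bytes:
    chunk = r.read(n)
    if len(chunk) != n:
        raise ValueError("truncated transaction")
    return chunk

def _varint(r: io.BytesIO) -> int:          # CompactSize: one byte below 0xFD, else a marker plus 2/4/8 LE bytes
    first = _read(r, 1)[0]
    return first if first < 0xFD else int.from_bytes(_read(r, {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]), "little")

def parse_tx(raw: bytes) -> list:
    """Parse legacy or BIP144 segwit serialization; return one dict per input, witness included."""
    r = io.BytesIO(raw)
    segwit = raw[4:6] == b"\x00\x01"                     # marker + flag follow the 4-byte version
    _read(r, 6 if segwit else 4)
    vin = []
    for _ in range(_varint(r)):
        vin.append({"txid": _read(r, 32)[::-1].hex(), "vout": int.from_bytes(_read(r, 4), "little"),
                    "script_sig": _read(r, _varint(r)), "witness": []})   # txid hex in display order
        _read(r, 4)                                      # sequence
    for _ in range(_varint(r)):                          # outputs (value, scriptPubKey) are not needed here
        _read(r, 8)
        _read(r, _varint(r))
    if segwit:
        for txin in vin:
            txin["witness"] = [_read(r, _varint(r)) for _ in range(_varint(r))]
    _read(r, 4)                                          # locktime
    return vin

def script_items(script: bytes) -> list:
    """Decode a script into its items: bytes for data pushes, int for every other opcode."""
    items, i = [], 0
    while i < len(script):
        op, i = script[i], i + 1
        if op == 0x00:
            items.append(b"")                            # OP_0 pushes an empty element
        elif op <= 0x4E:                                 # direct push (1..75 bytes) or OP_PUSHDATA1/2/4
            width = {0x4C: 1, 0x4D: 2, 0x4E: 4}.get(op, 0)
            n = int.from_bytes(script[i:i + width], "little") if width else op
            items.append(script[i + width:i + width + n])
            i += width + n
        else:
            items.append(op)                             # OP_1..OP_16, OP_CHECKMULTISIG, ...
    if i != len(script):
        raise ValueError("truncated push in script")
    return items

def pubkeys_from_input(txin: dict, addr_type: str) -> list:
    """Steps 3-4: read the key(s) from the slot this address type's unlocking script fixes."""
    ss, wit, candidates = script_items(txin["script_sig"]), txin["witness"], []
    if addr_type == "p2pkh":                             # scriptSig: <sig> <pubkey>
        candidates = ss[-1:]
    elif addr_type in ("p2wpkh", "p2sh-p2wpkh"):          # witness: <sig> <pubkey>
        candidates = wit[1:2]
    elif addr_type in ("p2sh", "p2wsh"):                 # last stack item is the redeem/witness script, so
        stack = ss if addr_type == "p2sh" else wit       # all N multisig keys come out, not only the signers'
        candidates = script_items(stack[-1]) if stack else []
    # p2tr, puzzle scripts and unknown types yield nothing; keep only well-formed compressed/uncompressed keys
    return [k for k in candidates if isinstance(k, bytes)
            and (len(k), k[:1]) in ((33, b"\x02"), (33, b"\x03"), (65, b"\x04"))]

def extract_wallet_pubkeys(raw_tx: bytes, my_utxos: dict) -> dict:
    """Steps 1-2: my_utxos maps (txid, vout) -> (address, type) for the wallet's own coins, which
    Electrum's history already provides; returns address -> sorted list of pubkey hex."""
    found = {}
    for txin in parse_tx(raw_tx):
        outpoint = (txin["txid"], txin["vout"])
        if outpoint in my_utxos:                         # skip other people's inputs in the same tx
            address, addr_type = my_utxos[outpoint]
            found.setdefault(address, set()).update(pk.hex() for pk in pubkeys_from_input(txin, addr_type))
    return {address: sorted(keys) for address, keys in found.items()}

# Constructed sample data: none of these are real keys, signatures, txids or addresses.
PK_A, PK_B = b"\x02" + bytes.fromhex("11" * 32), b"\x03" + bytes.fromhex("22" * 32)
PK_C = [b"\x02" + bytes.fromhex(x * 32) for x in ("33", "44", "55")]
SIG = b"\x30" + bytes(69) + b"\x01"                      # 71-byte dummy signature, never verified
MY_UTXOS = {("aa" * 32, 0): ("addr_A", "p2pkh"), ("bb" * 32, 1): ("addr_B", "p2sh-p2wpkh"),
            ("cc" * 32, 0): ("addr_C", "p2wsh")}         # outpoint -> (address label, script type)

def vb(data: bytes) -> bytes:                            # one-byte length prefix: direct push (<76) or CompactSize (<253)
    return bytes([len(data)]) + data

def build_sample_tx() -> bytes:
    """Segwit tx spending three of our coins (p2pkh, p2sh-p2wpkh, p2wsh 2-of-3) plus one foreign input."""
    redeem_p2wpkh = b"\x00\x14" + bytes(20)              # OP_0 <20-byte hash>; the hash value does not matter here
    witness_script = b"\x52" + b"".join(vb(pk) for pk in PK_C) + b"\x53\xae"  # OP_2 <3 keys> OP_3 OP_CHECKMULTISIG
    inputs = [                                           # (prev txid display hex, vout, scriptSig, witness stack)
        ("aa" * 32, 0, vb(SIG) + vb(PK_A), []),
        ("bb" * 32, 1, vb(redeem_p2wpkh), [SIG, PK_B]),
        ("cc" * 32, 0, b"", [b"", SIG, SIG, witness_script]),
        ("dd" * 32, 3, b"", [SIG, b"\x02" + bytes.fromhex("99" * 32)]),
    ]
    raw = (2).to_bytes(4, "little") + b"\x00\x01" + bytes([len(inputs)])
    for txid, vout, script_sig, _ in inputs:
        raw += bytes.fromhex(txid)[::-1] + vout.to_bytes(4, "little") + vb(script_sig) + b"\xff\xff\xff\xff"
    raw += b"\x01" + (50_000).to_bytes(8, "little") + vb(b"\x00\x14" + bytes(20))   # one p2wpkh output
    for *_, witness in inputs:
        raw += bytes([len(witness)]) + b"".join(vb(w) for w in witness)
    return raw + bytes(4)                                # locktime 0
```

`extract_wallet_pubkeys(build_sample_tx(), MY_UTXOS)` returns one key for `addr_A` and `addr_B` and all three keys of the 2-of-3 for `addr_C`; the fourth input is ignored because its outpoint is not the wallet's. Two things a real implementation adds before trusting a key: check that hash160 of the extracted pubkey matches the address (a non-standard scriptSig can put something key-shaped in that slot), and treat types not handled here, such as Taproot key-path spends or the puzzle scripts mentioned later in the thread, as yielding no key rather than guessing.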
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
One (not so ethical, depending on who you ask) way of implementing this without committing changes to Electrum's protocol or breaking compatibility with other servers' protocols is to retrieve the list of all addresses inside the show_banner or other initialization method, use a block explorer's API to fetch the public keys for the addresses and then print a map between the addresses and the public keys.

I say "not so ethical" because some people are against silent harvesting of addresses & pubkeys.
legendary
Activity: 2954
Merit: 4158
Well, you could encrypt a message to the owner of the address without having to ask him to give it to you. You could avoid a possible MITM attack this way.
Fair. I would probably recommend that people start using implementations that are designed for secure message exchange instead, PGP etc. Electrum's ECIES was incorrectly implemented in the past and AFAIK isn't widely reviewed either.

How could one spend an output without proving it with a signature? I may have misunderstood this. As for the multi-signature, it could show any key that is exposed from the specified address. Maybe not all of them, if it's not a N-of-N multi-sig.
Not all unlocking scripts require a signature.


Electrum's current protocol documentation doesn't include this. Might be a bit of a hassle implementing this?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I'm intrigued though, what would people gain or what use would they have by knowing the public key?
Well, you could encrypt a message to the owner of the address without having to ask him to give it to you. You could avoid a possible MITM attack this way.

1. Maybe there's no function to extract the public key from a signature.
Maybe? Is this something new that comes with Taproot or Schnorr signatures? Because I'm completely unaware of those two. As far as I know, you can extract the public key of a scriptSig to verify the message.

How should ElectrumX handle scripts which contain multiple signatures or no signature?
How could one spend an output without proving it with a signature? I may have misunderstood this. As for the multi-signature, it could show any key that is exposed from the specified address. Maybe not all of them, if it's not a N-of-N multi-sig.
legendary
Activity: 2954
Merit: 4158
No point adding additional resources to try to index each of the public keys that have ever been exposed on the network. You have to individually use the scriptSig of each transaction to find the public key. Possible to do, but mostly not very useful for most people. I'm not sure about the resource usage for something like this, but I assume that this could take up more resources as well.

You can probably make a pull request for that though I believe it would be quite an intensive code change, from ElectrumX to Electrum protocol as well. Not worth the effort, IMHO.

I'm intrigued though, what would people gain or what use would they have by knowing the public key?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
You're revealing the public key(s) of your address(es) once you spend an output, so it can be verifiable from your signature obviously. While ElectrumX is written in a way to only keep the UTXOs of the block chain, I'd like to know why it shouldn't also keep the addresses' public keys.

For example, in a watch-only wallet that wasn't created using a master public key, you won't be able to get an address' public key if it has revealed it. In the above example, it'd be good to know the public key of the address, because it's an extra information I can gain.



I smudged them with red for private reasons.