Topic: Stake your Bitcoin address here - page 35. (Read 1462782 times)

Thank you.

If your account got hacked and staked a new address, the hacker would be asked to sign a message from your old address. The above post is an example of what I'm talking about.

Any chance you can confirm this new address by signing from your old address?

Quoted and verified with Electrum:

-----BEGIN BITCOIN SIGNED MESSAGE-----
"This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021"
-----BEGIN SIGNATURE-----
bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02
IFY+lFklLIxdEP+ZexhCL/o+WToKCMUULBA6CaLx6AHkDj1lmab4uvBRFTRSLrIHgYNSsjQvOnSVFyDOvHBcZa4=
-----END BITCOIN SIGNED MESSAGE-----

Quoted and verified.

Hello, I think I succeeded! Please, can you verify it? Thank you!

This made me curious how many posts have been deleted from this topic. I don't have full data on the oldest posts on this topic, but I do have the newest posts. I've temporarily adjusted LoyceV's Topic Details: highlight deleted and edited posts (forum wide) to scrape more than 250 pages.

See:
** Please don't quote this link, it will trigger scraping 250 pages again **
https://loyce.club/archive/details/topic_996318_2021-05-24_Mon_16.07h.html (6 MB)
** Please don't quote this link, it will trigger scraping 250 pages again **
(CTRL-F "Deleted!")

Mr X has stacked bitcoin address 1 here years ago for example. Mr X wants to add address 2 without signing a message with address 1, it is ok, he is free.
Now when it comes to recovering his hacked account, he has to sign with the first stacked address.
Now if he posted address 2 + signed a message with address 1 + asked to not consider addy 1 to belong to him anymore, then in case of hack, address 2 will be used to recover the account.
The spirit of this topic is to stake 1 bitcoin address for recovering purposes. I don't see the point for staking another unless it will replace it. Normally the guy staking a 2nd address should be able to provide a signed message whenever asked to prove he is the real owner. Posting an address here even if it is years old without signing the older one won't make it as important as the first one.

The new address needs to be signed with the old address. Nesting may be sufficient, but I was explicitly stating that the new address is also valid.

I guess this would be sufficient:


Edit: nested signatures work if the signing software modifies markers of the interior message as above.

What if my account gets hacked and the new owner stack a new address?  
fillippone_hacked signs the old address.
fillippone the new one.

Would the situation be sorted with: the old address always wins?

What if the old address gets compromised after I sign a new message?

It's complicated...but signing a new address without having proof of ownership of the old one is a weak practice, in my humble opinion.



EDIT: @odolvlobo posted a great suggestion of nested addresses while I was posting it. Wondering the technical feasibility of nested signature.
EDIT2: @odolvlobo is that a typo? two  in the signed message? One of them should be the  , you might want to check it, I will eventually delete this edit.

Here is my understanding:

The point of posting an address is to give you the ability to use that address later to prove that you were the owner of the account at the time that the address was posted.

Posting a address does not prove that the account holder controls the address, but that may be a reasonable assumption if a signed message stating that fact is posted.

Quoting the post helps to ensure that any subsequent change to the post can be detected.

Signing a message has a minor benefit. It allows the address owner to make a statement (but note that the statement can be false). Typically, the address owner asserts that they control the account and that a signed message is sufficient proof of ownership of the account. It is assumed that the account holder would not post the signed message if they did not accept it.

In short, the user should post this signed message and it needs to be quoted:


In posting a signed message containing the new address, the current account holder proves that they are the original account holder and presumably states that a message signed with the new address is also sufficient proof. This effectively makes messages signed with the new address as good as messages signed with the old address.

Posting a new address not signed with the old address gives the current account holder a way to later prove that they owned the account, but it does not prove that they are the original account holder.

I think your suggestion is good, but I would do it more like this because it is more secure. Note that the message signed with the new address is contained in the first signed message. This prevents anyone, including mods and hackers, from substituting a different new address. On the other hand, if the new address is signed with both addresses separately like you did, I suppose that works just as well.


Edit: nested signatures work if the signing software modifies markers of the interior message as above.

You may not want to sign a message from your old address. That's okay, but if you ever need to prove you're the owner you'll have to sign from the old one. You could do what you say if you want to get rid of the old address as a proof of ownership.

There might have two cases for signing with a new address without proofing the sign of old address. 1. the owner of the address lost access of old address/private key. Didn't know that need to proof by his/her old address first.

Sorry to nitpick, but I think the whole point of this thread is securing the ownership of a bitcoin address. What is the point of signing a NEW address without proof of ownership of the OLD address?

I think we should do like this:

Quoted and verified (on Electrum)

Can you please try once more? Thanks!

I can't verify it.

Signed using Electrum. Please verify. Thanks in advance.

Quoted and verified.