If 'x' is public, that makes it identifiable and privacy-losing across
inputs.
To avoid "re-use" I suppose you'd want to sign some message like
`HMAC("ownership proof", H(A || x) )` instead. Otherwise any signature you
make using `A` ends up being used as a proof you don't know the input (this
seem
On 21.08.2017 20:12, Greg Sanders via bitcoin-dev wrote:
> To fix this I consulted with andytoshi and got something we think works
> for both cases:
>
> 1) When a signing device receives a partially signed transaction, all
> inputs must come with an ownership proof:
> - For the input at address A,
Some related thoughts and suggestion for an extension that kanzure
suggested I post here:
Hardware Wallet attacks by input ownership omission and fix
--
So a while back I realized that to have HW wallets do safe automa
On Fri, Aug 18, 2017 at 5:11 PM, Andrew Chow via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> I would like to propose a standard format for unsigned and partially
> signed transactions.
>
Just a quick note but perhaps you and other readers would find this thread
(on hardware wal
Hi everyone,
I would like to propose a standard format for unsigned and partially signed
transactions.
===Abstract===
This document proposes a binary transaction format which contains the
information necessary for a signer to produce signatures for the transaction
and holds the signatures for an