1
I want to use message signing to prove control of a multi signature Bitcoin address. Is it possible? In theory it must be. In practice, are there any Bitcoin wallets that allow this? Specifically, how can I do this with Armory Lockboxes?
1
I want to use message signing to prove control of a multi signature Bitcoin address. Is it possible? In theory it must be. In practice, are there any Bitcoin wallets that allow this? Specifically, how can I do this with Armory Lockboxes?
1
Signing message is proof of ownership of private key
Multisignature/P2SH address is hash of several (including zero) public keys
So, signing message with M private keys and disclosing the "contents" of msig address M-of-N is proof of control on address.
I do not know are there existing services to sign/verify p2sh addresses, but it is possible. Do not know about Armory/others.
Yes. You would need to disclose public keys and provide signed messages with them. There must be a way in theory to do that without disclosing the public keys. It's actually no different than creating a signed transaction. Is it not? – Emre Kenci – 2014-12-01T09:49:06.960
It is not possible (by default) to get public keys from p2sh-address, so all public keys and their order must be known for verification. – amaclin – 2014-12-01T09:57:32.440
But can we still verify the signature without knowing the public keys and their order? Is it not the same with verification of transaction signatures? – Emre Kenci – 2014-12-01T10:03:54.767
ECDSA verification requires public keys. It is not possible to verify signature without knowledge of public key. It is nonsense to verify message by signature only - no proof of anything. – amaclin – 2014-12-01T10:08:30.240
Ok Thanks. Bear with me for a little while longer :) Does this mean that everytime you broadcast a multi sig transaction you are disclosing the public keys and their order? – Emre Kenci – 2014-12-01T10:20:03.283
Yes of course. Let us take the transaction which redeems from msig address https://blockchain.info/tx/837dea37ddc8b1e3ce646f1a656e79bbd8cc7f558ac56a169626d649ebe2a3ba Have a look on the long hex string in the bottom of this page (Input Scripts section) 52410491... this is all three public keys encoded as 2-of-3 bitcoin script. One more note. Disclosing happens on redeeming from msig output, not while funding
– amaclin – 2014-12-01T10:30:18.890Excellent! Thank you. I assume the same can be done for signing a message rather than a transaction. But what you are saying is that you don't know a client that has built in tools to produce a signature of a message that includes signatures from all public keys required? – Emre Kenci – 2014-12-01T11:06:47.140
I guess a transaction from a multi signature address to the same address with a public note would be better to prove control. – Emre Kenci – 2014-12-01T11:08:54.773
(1) I am not sure that bc.i can add public note to msig->msig transaction. (2) Don't rely on third-party service as bc.i – amaclin – 2014-12-01T11:40:04.393
So is there a practical answer to this question? how to generate a signature from multisig wallet? I do understand that parties sign with their private keys to prove they own their public key, so there is no private key from multisig wallet and that's what confuses me. – rstormsf – 2017-08-24T19:19:30.773