How can I sign a message with a multi signature address?

1

I want to use message signing to prove control of a multi signature Bitcoin address. Is it possible? In theory it must be. In practice, are there any Bitcoin wallets that allow this? Specifically, how can I do this with Armory Lockboxes?

Emre Kenci

Posted 2014-12-01T09:17:56.457

Reputation: 3 008

Answers

1

Signing message is proof of ownership of private key

Multisignature/P2SH address is hash of several (including zero) public keys

So, signing message with M private keys and disclosing the "contents" of msig address M-of-N is proof of control on address.

I do not know are there existing services to sign/verify p2sh addresses, but it is possible. Do not know about Armory/others.

amaclin

Posted 2014-12-01T09:17:56.457

Reputation: 5 763

Yes. You would need to disclose public keys and provide signed messages with them. There must be a way in theory to do that without disclosing the public keys. It's actually no different than creating a signed transaction. Is it not?Emre Kenci 2014-12-01T09:49:06.960

It is not possible (by default) to get public keys from p2sh-address, so all public keys and their order must be known for verification.amaclin 2014-12-01T09:57:32.440

But can we still verify the signature without knowing the public keys and their order? Is it not the same with verification of transaction signatures?Emre Kenci 2014-12-01T10:03:54.767

ECDSA verification requires public keys. It is not possible to verify signature without knowledge of public key. It is nonsense to verify message by signature only - no proof of anything.amaclin 2014-12-01T10:08:30.240

Ok Thanks. Bear with me for a little while longer :) Does this mean that everytime you broadcast a multi sig transaction you are disclosing the public keys and their order?Emre Kenci 2014-12-01T10:20:03.283

Yes of course. Let us take the transaction which redeems from msig address https://blockchain.info/tx/837dea37ddc8b1e3ce646f1a656e79bbd8cc7f558ac56a169626d649ebe2a3ba Have a look on the long hex string in the bottom of this page (Input Scripts section) 52410491... this is all three public keys encoded as 2-of-3 bitcoin script. One more note. Disclosing happens on redeeming from msig output, not while funding

amaclin 2014-12-01T10:30:18.890

Excellent! Thank you. I assume the same can be done for signing a message rather than a transaction. But what you are saying is that you don't know a client that has built in tools to produce a signature of a message that includes signatures from all public keys required?Emre Kenci 2014-12-01T11:06:47.140

I guess a transaction from a multi signature address to the same address with a public note would be better to prove control.Emre Kenci 2014-12-01T11:08:54.773

(1) I am not sure that bc.i can add public note to msig->msig transaction. (2) Don't rely on third-party service as bc.iamaclin 2014-12-01T11:40:04.393

So is there a practical answer to this question? how to generate a signature from multisig wallet? I do understand that parties sign with their private keys to prove they own their public key, so there is no private key from multisig wallet and that's what confuses me.rstormsf 2017-08-24T19:19:30.773