Board: Development & Technical Discussion
Topic: Re: How to prove to someone that an Bitcoin address (or UTXO) belongs to you?
Post by aliashraf on 27/04/2019, 22:35:06 UTC
You need to:
1- generate a new address/wallet
2- announce the address to other party
3- transfer funds from the original utxo to new address
This method is not good at all because, first of all, it forces you to create an unnecessary on-chain transaction and pay fees, especially nowadays that fees are shooting up again.
Secondly, it is not reliable since it can be faked. You have no way of knowing whether the sending address or receiving address belongs to the person trying to prove ownership.
Proving ownership of an address is not a common practice to be worried about unnecessary on-chain transactions. It can't be faked because before transferring funds you announce the address to the counter party as your address, just like when you give your receiving address to other people, you don't need to prove that you own your receiving address because it is where the funds are supposed to go.

Quote
Quote
Note: Signing a message with your private key is not safe because you need to disclose the corresponding pubkey (of which your address is the RIPEMD-160 hash).
You don't exactly disclose your pubkey, not directly anyway. You only reveal your signature, and your public key can be found from that. And more importantly, you can NOT call it "not safe" because it is perfectly safe, as safe as the millions of transactions that have been made so far. In other words, just because some day ECDSA may be broken doesn't mean it is not safe today.
You eventually disclose your public key and counter party has to check its RIPEMD-160 hash against the address you claim as your property. Once s/he approves your public key as being the real key behind the address, information has leaked and it is not safe as we will see.

As for your safety argument: You are absolutely wrong.
1- Historical transactions have been set in stone in the blockchain, and that is why they are safe, not because of the security of ECDSA.

2- ECDSA 256k1 becoming broken "some day" does not imply a magical invention that makes it a piece of cake for an average intruder to guess keys in, like, a few seconds or minutes. It means progress in algorithms and hardware that primarily makes it feasible for a large processing power to do the job in polynomial time/space (for instance, in weeks or months using a few exabytes of memory). Bitcoin could safely operate for a couple of months or a year after such progress because the public keys are exposed to this attack in a very short window of time (the pending phase of the txn) that won't last more than a few minutes. But permanently leaked public keys/re-used addresses are exposed to the attack for months or years.

3- You know that re-using addresses in bitcoin is not recommended. I wonder, what do you think about it? Are you a fan of re-using addresses? Why not?