Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 11 from 6 users
Topic OP
Questions about generic signmessage (BIP322)
by
tiagocs
on 11/07/2020, 19:45:44 UTC
⭐ Merited by dbshck (4) ,ETFbitcoin (2) ,o_e_l_e_o (2) ,pooya87 (1) ,Coolcryptovator (1) ,Heisenberg_Hunter (1)
I have two questions regarding the generalization of message signing/verification that has until recently only been done with legacy addresses through the RPC commands signmessage/verifymessage.

1 - Why was it chosen to prepend the scriptPubKey (when not P2PKH) to the preimage? To me, this adds unnecessary complexity which will slow down the adoption of BIP 322 by bitcoin libraries.

2 - In https://bitcoinops.org/en/topics/generic-signmessage , it can be read "This means a signed message can be produced for any script or address that a wallet would be able to spend. Additionally, two or more wallets can cooperate to create a BIP322 signed message for multisig scripts.". Additionally, BIP322 states that in order to sign: (https://github.com/bitcoin/bips/blob/master/bip-0322.mediawiki#signing) "Derive the private key privkey for the scriptPubKey". I just don't know how this is possible, it should be impossible to derive a private key from a scriptPubKey of a multisig for example. For a multisig there are a set of private and public keys of the owners, can there be a single private key of the whole multisig that can sign anything without the other's approval? And even if yes, how can the public key of this derived master multisig private key match the public key hash which is a hash of the locking script?