sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
<kanzure>
if you wanted to reveal some of your secret keys (like arbitrary passwords) upon your demise, without reducing your opsec to whatever the level of opsec of your chosen executor, is there anything better than encrypt everything, give to executor, choose n individuals and give them a shamir secret sharing shard (or a key member of an onion group for lack of better word) and also the name of ...
<kanzure>
...the executor, and also don't have a list anywhere of the individuals?
<harding>
kanzure: one or several tamper-resistant devices with internal clock that doesn't reveal its shamir secret shard until after n days after you last push the "I'm still alive" button?
<harding>
kanzure: also petertodd's timelock thingies.
<kanzure>
unfortunately petertodd's timelock encryption thing seems sorta inappropriate because if the concern is about other people's opsec then an adversary steals the encrypted blob and starts timelockputing before your demise right?
<harding>
kanzure: Yeah, true. OTOH, if your opsec is good enough that your executor can't access the data/capabilities your keys provide access to until after your death, and if you can change keys at some point before a particular deadline, you can give your executor the initial timelock vector secure in the knowledge that you can continue using x key safely for a minimum of t time. If you die and your executor gets access to your data,
<harding>
then he can (when he gets the final hash) decrypt your key; but if you live and destroy your data or disable your capabilities before he gets the key, your own opsec protects you.
<kanzure>
oh i see; you're proposing that you don't send the executor an encrypted blob of everything, but rather you couple his ability to decrypt your things to physical possession of your things as well.
<kewde[m]>
Is anyone aware of a standard/convention for ordering pubkeys in a multisignature redeem script? BIP69 is crystal clear at the transactional level, but ambiguous about the ordering within a script. I'm going lexicographically, but ping me if that's not the case. The only other (reasonable) ordering is randomized which seems to go against the spirit of BIP69.
<gmaxwell>
I don't think BIP69 is a good idea regardless.
<waxwing>
gmaxwell, provost did make a fair comment about that: in a scenario where you want to know it's been chosen by a specific (and meaningless) algo, BIP69 in txs has the advantage that it's externally verifiable that BIP69 has been used.
<waxwing>
(talking about txs, coinjoins specifically, not multisig so apologies for dragging off the topic kewde[m] )
<gmaxwell>
waxwing: yes but you could make your order random based on a seed known to your case.
<gmaxwell>
69 also unfortunately proscribes a particular order that is potentially incompatible with some use cases.
<waxwing>
ok on the first point. but curious what the second point is (incompatibility)
<gmaxwell>
For example, people have proposed sighash flags that privileged placement (like ones that signed above inputs but not below), we've also evaluated transaction encodings that make transactions smaller if scriptpubkey reuse is sequential.
<waxwing>
oh right. valid point.
<waxwing>
a standard for multisig, though, that seems like a more compelling argument (for compatibility of different signers), than the idea of bip69 for homogeneity/privacy in tx patterns. i think.
<gmaxwell>
multisig should arguably be ordered so that the keys most likely to sign are first.
<gmaxwell>
because of the stupid trial and error operation inside checksig.
<kewde[m]>
To the best of my knowledge, copay is one of the most used multisignature wallets? It makes sense to me to blend in with their pattern (for now at least). A quick peek at their source code seems to indicate that they too are sorting lexicographically in bitcore-lib ( https://github.com/bitpay/bitcore-lib/blob/master/lib/address.js#L255 )
<arubi>
isn't it possible to soft fork the dummy element in multisig to be a bitmap of which keys signed the script?