[Bitcoin-development] BIP-13

2012-02-20 Thread Michael Grønager 
Just posted this on the wiki BIP-13 discussion - should I make it into a BIP of 
its own ?

---
The version portion of the address has so far been labeled network id, and 
indicates from which network and which chain the address can be used for. I 
think that this change from network id to version is much more fundamental and 
should not just be squeezed in along with bip16/17. The right way to do this is 
to structure the bitcoin address into:

base58-encode: [one-byte network ID][20-byte hash][one-byte address 
class][3-byte checksum]

This will move the possibility of using a faulty address from 1 to 4bill to 1 
to 24mio. Recall that for most other payment systems this checksum is 1 to 9! 
So it should be sufficient. An old client will then render the new addresses as 
useless and they will still maintain their old familiar 1xxx look - the whole 
point in multisig is that it should not be a matter of the paying party to 
worry about securing wallet of the receiver, hence he should not be bothered 
with a new 3 kind of address now... --Michael Gronager/libcoin 10:49, 20 
February 2012 (GMT)



--
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] BIP-13

2012-02-20 Thread Gavin Andresen 
RE:
 base58-encode: [one-byte network ID][20-byte hash][one-byte address
class][3-byte checksum]

How will the code distinguish between the old scheme:
[one-byte-version][20-byte-hash][4-byte-checksum]
and the new?

1 in 256 old addresses will have a first-byte-of-checksum that matches the
new address class; I guess the code would do something like:

a) If the 4-byte checksum matches, then assume it is a singlesig address (1
in 2^32 multisig addresses will incorrectly match)
b) If the one-byte-address-class and 3-byte checksum match, then it is a
valid p2sh
c) Otherwise, invalid address

The 1 in 2^32 multisig addresses also being valid singlesig addresses makes
me think this scheme won't work-- an attacker willing to generate 8 billion
or so ECDSA keys could generate a single/multisig collision.  I'm not sure
how that could be leveraged to their advantage, but I bet they'd find a way.

RE: should it be a BIP:  The BIP process is described in BIP
0001https://en.bitcoin.it/wiki/BIP_0001#BIP_Work_Flow,
and you're following it perfectly so far:

1) Post a rough draft of the idea here to see if there's any chance it'll
be adopted
2) Assuming a positive response and no major flaws: write up a draft BIP
3) Post the draft BIP here, where it can be picked apart.
4) Assuming no major flaws, ask the BIP editor (Amir) for a BIP number

I'd also encourage you to actually implement your idea between steps 3 and
4. But in this particular case, I think an attacker being able to create
singlesig/p2sh address collisions counts as a major flaw.

-- 
--
Gavin Andresen
--
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development