I have a possible solution:

Take all public keys encoded in the purpose-specific extended public
keys (m/45') of all cosigners and sort them lexicographically, according
to BIP-45.  Serialize this information and calculate its HASH160
(RIPEMD160 ∘ HASH256).  Split the output in five 32-bit chunks, setting
the MSB on all of them to 0. Use these 32-bit chunks to build a
derivation path from the purpose-specific extended public keys.  Treat
this derivation path as if it was the purpose-specific extended public
key in BIP-45.

This scheme will avoid public key sharing, and as long as you share your
purpose-specific extended public key only with your cosigners, it should
be relatively hard for a passive observer to link activity between
different cosigning accounts.

On 03/10/15 13:42, Jean-Pierre Rupp via bitcoin-dev wrote:
> Hello,
> 
> I have been reviewing BIP-45 today.  There is a privacy problem with it
> that should at least be mentioned in the document.
> 
> When using the same extended public key for all multisig activity, and
> dealing with different cosigners in separate multisig accounts, reuse of
> the same set of public keys means that all cosigners from all accounts
> will be able to monitor multisig activity from every other cosigner, in
> every other account.
> 
> Besides privacy considerations, HD wallets' non-reuse of public keys
> provides some defence against wallets that do not implement deterministic
> signing, and use poor entropy for signature nonces.
> 
> Unless users are expected to establish a single cosigning account, this
> scheme will result in reuse of public keys, and degradation of privacy.
> 
> I understand that for convenience it is useful to have a single extended
> public key that can be handed to every cosigner.  This makes setting up
> accounts or recovering from data loss easier.
> 
> I suggest that privacy & potential security degradation due to increased
> public key reuse in the case of users with multiple multisig accounts
> should get a mention in the BIP-45 document.
> 
> Greetings
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
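
The derivation proposed in the reply above, as an added sketch; it is not code from the post or from BIP-45. The serialization (plain concatenation of the sorted 33-byte compressed keys), big-endian chunking, HASH160 taken as RIPEMD160(SHA-256(x)), and all function names and sample keys are assumptions.

```python
import hashlib
import struct

def hash160(data: bytes) -> bytes:
    """RIPEMD160(SHA-256(data)); assumed meaning of HASH160 in this sketch."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Some OpenSSL 3 builds disable RIPEMD160. Stand-in so the sketch
        # still runs: truncated SHA-256, NOT interoperable with real HASH160.
        return hashlib.sha256(sha).digest()[:20]

def account_path(cosigner_pubkeys):
    """Five non-hardened child indexes identifying one cosigner set.

    Input: the public key from each cosigner's m/45' extended public key.
    """
    keys = sorted(set(cosigner_pubkeys))  # bytes sort lexicographically
    if len(keys) < 2 or any(len(k) != 33 or k[0] not in (2, 3) for k in keys):
        raise ValueError("need >= 2 distinct 33-byte compressed public keys")
    digest = hash160(b"".join(keys))         # assumed serialization
    chunks = struct.unpack(">5I", digest)    # 160 bits -> five 32-bit words
    # Clearing the MSB keeps every index below 2**31 (non-hardened), so each
    # cosigner can derive the others' branch from their xpubs alone.
    return [c & 0x7FFFFFFF for c in chunks]

def path_string(indexes):
    """Path below m/45'; BIP-45's own levels are appended after it."""
    return "m/45'/" + "/".join(str(i) for i in indexes)

def sample_key(label):
    """Constructed placeholder key: right shape, not a real curve point."""
    return b"\x02" + hashlib.sha256(label.encode()).digest()

ALICE, BOB, CAROL, DAVE = (sample_key(n) for n in ("alice", "bob", "carol", "dave"))

if __name__ == "__main__":
    # Alice takes part in two accounts; each gets its own branch, so the
    # keys she uses with Carol never appear in the account with Dave.
    print(path_string(account_path([ALICE, BOB, CAROL])))
    print(path_string(account_path([ALICE, BOB, DAVE])))
```

Every cosigner computes the same path regardless of the order in which the keys were exchanged, which is what the lexicographic sort is for.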
