usage flags for bitcoin addresses on OpenPGP keys [was: Re: human readable key algorithm]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jan 24 18:26:51 CET 2014


On 01/24/2014 03:41 AM, Peter Todd wrote:
> FWIW the thinking in the Bitcoin community right now is that you would
> want to add a Bitcoin address to your OpenPGP key as a special type of
> UID. The reason why you want to do that is a key problem in Bitcoin is
> being sure that you're paying the person you think you are - not unlike
> the problem of being sure you're encrypting a message to the right
> person. Think of it as similar to how email addresses go in UID's.

but e-mail addresses are human-readable things, and are not
cryptographic tokens themselves.  a bitcoin address is not
human-readable (modulo some very odd humans) and it is a cryptographic
token.  It fits the model of an OpenPGP Subkey much more closely than it
fits an OpenPGP User ID.

> Beyond that, we've come up with a scheme known as stealth addresses(1)
> that lets the payee tell the payor how to derive a fresh bitcoin
> address for every payment with ECDH so that from the stealth address
> itself an outside observer can't link the payments together. This
> privacy feature is considered to be very important.

This is probably off-topic for this list, but i'd be curious to see the
proposal for this scheme.  If the payments are done to new purses, but
the new purses are controlled by the same party, when they are grouped
together for payment in the future the shared ownership becomes
apparent.  There has been quite a bit of discussion about how to
de-anonymize bitcoin traffic, and i'm not sure that the proposal you've
sketched combats the techniques that are already commonly being used in
academic research.

For example:

 http://eprint.iacr.org/2012/584.pdf

> Now, pragmatic question: What's a decent way to add a new UID type for
> this? Seems that a User Attribute Packet is appropriate, I assume using
> one of the private subpackets for now.
> 
> 1) http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03613.html

I think NIIBE Yutaka's proposal of treating it as a subkey with a usage
extension is the right approach.  I think it's inappropriate to use a
User Attribute for this purpose.

	--dkg
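
The linkage risk raised in the reply above (fresh addresses controlled by one party become linkable once they are spent together) can be shown with a small clustering sketch. This is an added example, not part of the original message or of any proposal discussed in it; the address labels and transaction layout are constructed for illustration.

```python
from collections import defaultdict

def cluster_by_cospend(transactions):
    """Group addresses with the multi-input heuristic: every input of one
    transaction is assumed to be controlled by the same party."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    def union(a, b):
        root_a, root_b = find(a), find(b)
        if root_a != root_b:
            parent[root_b] = root_a

    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs + tx["outputs"]:
            find(addr)                 # register every address seen
        for addr in inputs[1:]:
            union(inputs[0], addr)     # co-spent inputs share an owner

    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: c[0])

def linked(transactions, a, b):
    """True if the heuristic places both addresses in one cluster."""
    return any(a in c and b in c for c in cluster_by_cospend(transactions))

# Constructed sample: three payers each pay a fresh, unrelated-looking
# address; the payee later funds one purchase from two of them.
SAMPLE_TXS = [
    {"inputs": ["alice-1"], "outputs": ["payee-fresh-1"]},
    {"inputs": ["bob-1"], "outputs": ["payee-fresh-2"]},
    {"inputs": ["carol-1"], "outputs": ["payee-fresh-3"]},
    {"inputs": ["payee-fresh-1", "payee-fresh-2"], "outputs": ["shop-1"]},
]

if __name__ == "__main__":
    for cluster in cluster_by_cospend(SAMPLE_TXS):
        print(cluster)
```

Before the fourth transaction every address is its own cluster; after it, the two co-spent payee addresses are merged while the third, still unspent, stays separate.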



More information about the Gnupg-devel mailing list