digital signature – JWS: signing HTTP requests

There is “Signing HTTP Requests via JSON Web Signatures” https://tools.ietf.org/html/draft-richanna-http-jwt-signature-00 that specifies a method [although it has expired].

It seems to require that the JWS payload is JSON [which is not true in general for JWS, I believe]. It adds sha256 hashes to the JSON object. For example, for HTTP headers in a canonicalised string of:

content-type: application/json
etag: 742-3u8f34-3r2nvv3

that has sha256 bZA981YJBrPlIzOvplbu3e7ueREXXr38vSkxIBYOaxI, then it adds to the JSON payload:

"h": [["content-type", "etag"], "bZA981YJBrPlIzOvplbu3e7ueREXXr38vSkxIBYOaxI"]

I’m not such a crazy fan of this, because it requires certain top-level keys in the JSON payload, and because it requires a JSON payload at all. For example, it seems tricky to use this for a large binary payload.
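
As an added example (not code from the draft or from the post above), the following Python builds and checks the "h" value for the two headers quoted above. The canonicalisation it implements is the one the post describes: lowercased header name, a colon and a space, the value, one header per line joined with "\n". Whether that is byte-for-byte the string the draft hashes (trailing newline, whitespace folding, multi-valued headers) has to be checked against the draft text, so the digest this produces is not claimed to equal the one quoted above. The sample headers are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample request headers, in the mixed case a client might send them.
REQUEST_HEADERS = {"Content-Type": "application/json", "ETag": "742-3u8f34-3r2nvv3"}
COVERED = ["content-type", "etag"]


def canonical_headers(headers, names):
    """Canonical string for the covered headers: lowercased name, ': ', value,
    one header per line, joined with '\n'. This layout is taken from the post
    above; confirm it against the draft before relying on interoperability."""
    lookup = {name.lower(): value for name, value in headers.items()}
    return "\n".join(f"{n.lower()}: {lookup[n.lower()]}" for n in names)


def header_hash(headers, names):
    """base64url without padding of SHA-256 over the canonical string."""
    digest = hashlib.sha256(canonical_headers(headers, names).encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_h(headers, names):
    """The "h" member: [list of covered header names, hash]."""
    return [[n.lower() for n in names], header_hash(headers, names)]


def verify_h(headers, h):
    """Recompute the hash from the received headers and compare in constant time.
    A covered header that is absent, or any changed value, fails verification."""
    names, expected = h
    try:
        actual = header_hash(headers, names)
    except KeyError:  # a header named in "h" is missing from the request
        return False
    return hmac.compare_digest(actual, expected)


def jws_payload(headers, names, **claims):
    """JSON object that would become the JWS payload; other members are the
    caller's own claims (their names are not prescribed here)."""
    return json.dumps({**claims, "h": make_h(headers, names)}, separators=(",", ":"))


if __name__ == "__main__":
    print(jws_payload(REQUEST_HEADERS, COVERED))
    print(verify_h(REQUEST_HEADERS, make_h(REQUEST_HEADERS, COVERED)))
    tampered = {**REQUEST_HEADERS, "ETag": "changed"}
    print(verify_h(tampered, make_h(REQUEST_HEADERS, COVERED)))
```

The verifier only needs the header names carried inside "h" to rebuild the string, which is why the names travel with the hash; anything the canonicalisation drops (header order on the wire, name case) cannot be protected by it.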

digital signature – How to “trust” data that is posted from one application to other

We have a use case where a bunch of data needs to be posted from our application to a partner site, where the end user takes some actions and then returns to our site. On the return, the partner site also posts some data back to us. We need to establish trust for both redirects, i.e. the partner site needs to confirm that the data originated at our end and hasn’t been modified in transmission, and the same applies to the post back from the partner site. Our main constraint is that it should be a low-cost solution for our partners. Our application is a multi-tenanted app with various partners (dozens). The use case applies to all of them.

One option we looked at is a two-step process, where our site posts a unique transaction id to the partner site, which then calls a web service hosted by us to get the complete data. We can secure our web service using 2-way SSL auth, and the same goes for the data from the partner site. But the problem is the extra cost involved in creating a web service at each partner’s end. This would delay the onboarding of a new partner and increase the cost.

Are there other alternatives to this problem than the PKI based solution?
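
One low-cost alternative to the two-step web-service design, shown here as an added illustration rather than something the question proposes: give each partner a shared secret and HMAC the posted fields, so the receiving side can check origin and integrity with a few lines of code and no PKI or hosted endpoint. The field names "ts", "nonce" and "sig", the canonical JSON layout and the sample fields are assumptions made for this example; the partner runs the same routine with the same secret for the post back.

```python
import base64
import hashlib
import hmac
import json
import os
import time

RESERVED = ("ts", "nonce", "sig")  # added by the signer; business fields must not reuse them


def _canonical(body):
    """Serialisation both sides can reproduce exactly: every field except 'sig',
    keys sorted, no whitespace. Form values are kept as strings."""
    return json.dumps({k: v for k, v in body.items() if k != "sig"},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_post(fields, partner_secret, now=None):
    """Build the POST body: the caller's fields plus a timestamp, a random nonce
    and an HMAC-SHA256 tag over all of them, keyed with the per-partner secret."""
    if any(k in fields for k in RESERVED):
        raise ValueError("reserved field name")
    body = {k: str(v) for k, v in fields.items()}
    body["ts"] = str(int(time.time() if now is None else now))
    body["nonce"] = base64.urlsafe_b64encode(os.urandom(16)).rstrip(b"=").decode("ascii")
    body["sig"] = hmac.new(partner_secret, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_post(body, partner_secret, seen_nonces, max_age=300, now=None):
    """Accept only if the tag matches (constant-time compare), the timestamp is
    within max_age seconds and the nonce is unused; the nonce is recorded on success."""
    expected = hmac.new(partner_secret, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(str(body.get("sig", "")), expected):
        return False
    try:
        ts = int(body["ts"])
    except (KeyError, ValueError):
        return False
    if abs(int(time.time() if now is None else now) - ts) > max_age:
        return False
    nonce = body.get("nonce")
    if not nonce or nonce in seen_nonces:
        return False
    seen_nonces.add(nonce)
    return True


if __name__ == "__main__":
    secret = b"per-partner-shared-secret"  # constructed; issue one per partner
    post = sign_post({"txn": "T-1001", "amount": "49.90"}, secret)
    print(post)
    print(verify_post(dict(post), secret, set()))
```

The nonce store has to be shared by every node that receives posts and kept for at least max_age, otherwise a captured post can be replayed; the secret must differ per partner so one partner cannot forge posts on another's behalf.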

lightning network – What is “signature recovery”?

Bolt #11 defines a “tagged field,” n, which identifies the payee by a public key, but it isn’t required. It also requires a signature which can be verified only if the public key is known. When tagged field n is not included, something called “signature recovery” is required. How does that work?

I ask because I was thinking that if I get two invoices, I should be able to determine if they indicate the same payee. I thought tagged field ‘n’ would be great for this, but it might not be supplied. So how can I compare the two invoices to see if they came from the same node? If signature recovery is built in, I guess that means I can get the public key even if tagged field ‘n’ is missing. But how would I do that?
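
Added example, not code from BOLT 11 or from the question: a from-scratch secp256k1 implementation of ECDSA public-key recovery, to show what the recovery id does and how two invoices can be compared by payee when the `n` field is absent. BOLT 11 signs the SHA-256 of the human-readable part followed by the data part and appends a one-byte recovery id (0..3) to the 64-byte (r, s) signature; assembling that byte string from a bech32 invoice is left to the caller here (`payee_from_invoice` takes it as already assembled). The test key, message bytes and the deterministic nonce derivation are constructed for the example; a real signer uses RFC 6979 for the nonce.

```python
import hashlib

# secp256k1 domain parameters.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; a demo, not a signer)."""
    out = None
    while k:
        if k & 1:
            out = ec_add(out, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return out


def message_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def derive_nonce(priv, z):
    """Deterministic nonce for this example only (not RFC 6979)."""
    h = hashlib.sha256(priv.to_bytes(32, "big") + z.to_bytes(32, "big")).digest()
    return int.from_bytes(h, "big") % N or 1


def sign_recoverable(z, priv, k):
    """ECDSA (r, s) plus a recovery id: bit 0 is the parity of R.y, bit 1 says that
    R.x overflowed N so r = R.x - N. Low-s normalisation negates R, so it flips bit 0."""
    rx, ry = ec_mul(k, G)
    r = rx % N
    s = pow(k, -1, N) * (z + r * priv) % N
    recid = (ry & 1) | (2 if rx >= N else 0)
    if s > N // 2:
        s = N - s
        recid ^= 1
    return r, s, recid


def recover(z, r, s, recid):
    """Rebuild R from (r, recid), then Q = r^-1 * (s*R - z*G).
    Returns None when the candidate x is not on the curve."""
    x = r + (N if recid & 2 else 0)
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)  # P % 4 == 3, so this is a root if one exists
    if y * y % P != y_sq:
        return None
    if (y & 1) != (recid & 1):
        y = P - y
    r_inv = pow(r, -1, N)
    return ec_add(ec_mul(s * r_inv % N, (x, y)), ec_mul((-z * r_inv) % N, G))


def to_sig65(r, s, recid):
    """BOLT 11 layout: 32-byte r, 32-byte s, one recovery-id byte."""
    return r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([recid])


def payee_from_invoice(signed_bytes, sig65):
    """Public key of the node that signed an invoice without an 'n' field.
    signed_bytes is the hrp plus padded data part, assembled by the caller."""
    r = int.from_bytes(sig65[:32], "big")
    s = int.from_bytes(sig65[32:64], "big")
    return recover(message_hash(signed_bytes), r, s, sig65[64])


if __name__ == "__main__":
    priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed
    body = b"lnbc-constructed-invoice-bytes"
    z = message_hash(body)
    sig = to_sig65(*sign_recoverable(z, priv, derive_nonce(priv, z)))
    print(payee_from_invoice(body, sig) == ec_mul(priv, G))
```

Without the recovery id there are up to four candidate keys per signature, which is why the extra byte is carried: with it, the payee of two invoices is simply the equality of the two recovered points, and an invoice that does carry `n` can be cross-checked by recovering and comparing against it.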

multi signature – What are the sizes of single-sig and 2-of-3 multisig taproot inputs?

Everything below is best effort. Corrections welcome!

Taproot generally has two ways of spending. The default way is to spend the output using the key path: pay-to-taproot then behaves like a p2pk output except that it is using a schnorr signature and the corresponding address being encoded using bech32.

The alternative is to reveal that the inner key was tweaked with the root of a Merkle tree, the Merkle path to one of the leaves, and the arbitrary segwit v1 script contained in the leaf, and then to fulfill the spending conditions of this script.

In the following, a 2-of-3 spending condition is split out into three 2-of-2 conditions:

2-of-{A, B, C} = (A && B) || (A && C) || (B && C)

The assumption is that two of the keys are hot while the third is a backup key for recovery. The default case of spending with the two hot keys is aggregated into the root path pubkey using MuSig. The other two spending conditions using the backup key are stored in leaves of the tree. Two variants are explored: one where the backup key is capable of participating in MuSig signing, another that falls back to a simpler multisig scheme where signing is non-interactive, e.g. because the backup key is airgapped and the multiple roundtrips required for MuSig are inconvenient.

* outpoint (txid:vout): 32+4vB
* scriptSig size: 1vB
* nSequence: 4vB
* num witness items: 1WU
* witness item size: 1WU
* signature: 64WU

32+4+1+4+(1+1+64)/4 = 57.5vB

Depth 0 control block:

  * Length of control block: 1WU
  * Header byte (script version, sign of output key): 1WU
  * Inner key of root key: 32WU
= 34WU

Depth 1 control block:

  * Length of control block: 1WU
  * Header byte: 1WU
  * Inner key of root key: 32WU
  * Hashing partner in tree: 32WU
= 66WU

Script path spend assuming 2-of-2 MuSig leaf

* script size: 1WU
* script "<pk> OP_CHECKSIG": 33+1WU
* Depth 1 Control block: 66WU

57.5+(1+34+66)/4 = 82.75vB

Leaves cannot do MuSig, construction with 2-of-2 OP_CHECKSIG:

* +2nd sig: 1+64WU
* script size: 1WU
* Script "<pk1> OP_CHECKSIGVERIFY <pk2> OP_CHECKSIG": 33+1+33+1=68WU
* Depth 1 Control block: 66WU

57.5+(1+64+1+68+1+1+32+32)/4 = 107.5vB 

Less inefficient construction for 2-of-2 OP_CHECKSIG

* +2nd sig: 1+64WU
* Length of script: 1WU
* Script "<pk1> OP_CHECKSIGVERIFY <pk2> OP_CHECKSIG 2 OP_EQUAL": 33+1+33+1+1+1=70WU
* Depth 1 Control block: 66WU

57.5+(1+64+1+70+66)/4 = 108vB

Less private, more costly variant with a single 2-of-3 leaf in lieu of two 2-of-2 leaves:

* +2nd sig: 1+64WU
* +1 empty witness item: 2WU
* Length of script: 1WU
* Script "<pk1> OP_CHECKSIG <pk2> OP_CHECKSIGADD <pk3> OP_CHECKSIGADD 2 OP_EQUAL": 33+1+33+1+33+1+2=104WU
* Depth 0 Control block: 34WU

57.5+(1+64+2+1+104+1+1+32)/4 = 109vB
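
The same accounting as a small calculator, added here as an example (not part of the answer above) so the figures can be re-derived for other trees and depths. It encodes the rules the answer uses: non-witness bytes weigh 4 WU, witness bytes 1 WU, each witness element carries a CompactSize length prefix, and a control block is 33 bytes plus 32 per tree level. Assumptions: 64-byte BIP340 signatures (SIGHASH_DEFAULT; an explicit sighash byte adds one), 33-byte x-only key pushes, and an empty witness element counted as just its one-byte length prefix, under which the single-leaf 2-of-3 case comes to 108.75 vB.

```python
def compact_size(n):
    """Bytes used by Bitcoin's CompactSize length prefix for a value n."""
    if n < 0xFD:
        return 1
    if n <= 0xFFFF:
        return 3
    if n <= 0xFFFFFFFF:
        return 5
    return 9


def control_block_len(depth):
    """Header byte + 32-byte inner key + one 32-byte sibling hash per tree level."""
    return 33 + 32 * depth


def taproot_input_vsize(witness_items):
    """witness_items: byte length of every witness stack element.
    weight = 4 * non-witness bytes + witness bytes; vsize = weight / 4."""
    non_witness = 32 + 4 + 1 + 4  # outpoint, empty scriptSig (its length byte), nSequence
    witness = compact_size(len(witness_items)) + sum(compact_size(n) + n for n in witness_items)
    return non_witness + witness / 4


SIG = 64             # BIP340 signature with SIGHASH_DEFAULT; 65 with an explicit sighash byte
XONLY_PUSH = 1 + 32  # push opcode + x-only key
OP = 1


def key_path():
    """Key-path spend: a single signature is the whole witness."""
    return taproot_input_vsize([SIG])


def script_path_single_key(depth=1):
    """Leaf '<pk> OP_CHECKSIG' (e.g. a MuSig-aggregated 2-of-2 key) at the given depth."""
    script = XONLY_PUSH + OP
    return taproot_input_vsize([SIG, script, control_block_len(depth)])


def script_path_2of2(depth=1):
    """Leaf '<pk1> OP_CHECKSIGVERIFY <pk2> OP_CHECKSIG' with two signatures."""
    script = 2 * (XONLY_PUSH + OP)
    return taproot_input_vsize([SIG, SIG, script, control_block_len(depth)])


def script_path_2of3_checksigadd(depth=0):
    """Leaf '<pk1> OP_CHECKSIG <pk2> OP_CHECKSIGADD <pk3> OP_CHECKSIGADD 2 OP_EQUAL'.
    The witness carries an empty element for the key that did not sign."""
    script = 3 * (XONLY_PUSH + OP) + 2
    return taproot_input_vsize([0, SIG, SIG, script, control_block_len(depth)])


if __name__ == "__main__":
    for name, fn in [("key path", key_path), ("single-key leaf, depth 1", script_path_single_key),
                     ("2-of-2 leaf, depth 1", script_path_2of2),
                     ("2-of-3 CHECKSIGADD leaf, depth 0", script_path_2of3_checksigadd)]:
        print(f"{name}: {fn()} vB")
```

Moving a leaf one level deeper costs exactly 8 vB (32 WU) in the control block, which is the number to weigh against the privacy gained by splitting a 2-of-3 into separate 2-of-2 leaves.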

mobile – How would you ask the user if his signed signature resembles the ID card?

I don't think you can guarantee that

If you try to get users to imitate what their signature should be like, you will open up many cases where people struggle with their device and cannot make it look the same. It reminds me of every time I receive a package and they let me sign that I have received it. Even with a pen, my signature looks like a 3-year-old tried to forge my signature.

In general, you use methods other than the signature to verify that someone is who they say they are. Is it really a requirement that the signatures match? It can be very difficult to do this because people's signatures can change over time, and a finger drawing on a screen is not the most accurate.

When it comes to digital signing, the process is usually preceded by a few steps.

  • Log in with credentials with or without 2-factor authentication in a secure environment.
  • Identify yourself with an identity card, passport or driver's license

The signing itself takes place afterwards. As far as I know, most digital signature tools do not match the signatures. What happens is that a manual review is carried out by the company that receives the signed document. You rely on the previous steps to ensure that the signatory is authorized to do so.

If you just want to encourage people to make it look similar, tell them so and give them some help, but don't punish them if it looks a bit bad.

Digital signature – is it possible to guess CV codes from ccn and ccexp?

If I'm not mistaken, Visa is easy to guess, isn't it?

Let's say I have 100,000 credit card numbers with their expiry dates, and it is possible to attempt 5 guesses per day.

All cards go through 5 identical gateway / API payment methods, and the cards are not blocked because of the several attempts.

If so, it is possible to create about 10 APIs and check them daily with 50 CVV attempts.

So, in the end, do we get the CVV codes of all 100,000 cards in 20 days (50 guesses per day: 000, 001, 002, ...)?

https://prnt.sc/sd5lsx <- This form contains the CC number and the exp date