SIG_ALL for multi-party transactions #319

New issue

Open

opened 2025-12-03 19:03:31 +00:00 by robwoodgate · 0 comments

robwoodgate commented

2025-12-03 19:03:31 +00:00

(Migrated from github.com)

The SIG_ALL flag requires transactions to be signed over both the input proofs and the output blinded messages.

This presents a problem for multi-party SIG_ALL transactions, where parties are in separate locations, as they must each sign the "first input proof" using the transaction's aggregated "message to sign".

Passing around inputs and outputs so parties can construct the message to sign is problematic and potentially leaches privacy, because the blinding factors must also be sent if other parties are to read them, otherwise they are "signing blind".

In practical terms, only the agreed receiver (or trusted co-ordinator) needs the underlying unblinded messages. So it is simpler if they create, store and craft the message to sign, then pass that around for signing.

The SIG_ALL flag requires transactions to be signed over both the input proofs and the output blinded messages. This presents a problem for multi-party `SIG_ALL` transactions, where parties are in separate locations, as they must each sign the "first input proof" using the transaction's aggregated "message to sign". Passing around inputs and outputs so parties can construct the message to sign is problematic and potentially leaches privacy, because the blinding factors must also be sent if other parties are to read them, otherwise they are "signing blind". In practical terms, only the agreed receiver (or trusted co-ordinator) needs the underlying unblinded messages. So it is simpler if they create, store and craft the message to sign, then pass that around for signing.