Sparrow and Electrum produce different signatures

sparrowwallet / sparrow

Desktop Bitcoin Wallet focused on security and privacy. Free and open source.

https://sparrowwallet.com/

Apache License 2.0

1.28k stars 185 forks source link

Sparrow and Electrum produce different signatures #39

Closed louneskmt closed 3 years ago

louneskmt commented 3 years ago

Hi!

I recently tried to sign a message from Sparrow, to prove my ownership of an address, but the signature got rejected on the website. So I tried with Electrum: I exported the wallet, opened it in Electrum, and signed the same message with the same address, and it resulted to a different signature, which has been accepted by the website.

For example, let's sign the message containing just the word Test with this address 36TcRXxXDgwv5J78EL8QnTTyh5owFAXpb9:

Electrum sig:

ID22tR17Iv4JDZOPTDznywOrmP6YsJEhEvlQhvYjqdO4VCiFJOGXiTpZcxzzdOgb4U4/5BsCbnHg/E1xDddgKLY=

Sparrow sig:

I21pjaclbCUb+agjKkFTJSHdKYPACzDjsrHdimpuXIEBSDb1kicauaWHZzo+he397Isug//jNNUdF22wf2QQQeY=

They are different, and each one is considered as invalided when verified in the software that did not produced it.

craigraw commented 3 years ago

First off, that's strange - I am able to verify the Electrum sig using Sparrow. Can you try again?

The longer answer is that, unfortunately, there is no universal standard for message signing for non-P2PKH (addresses that start with 3 or bc1), and in fact Core does not support signing messages with these addresses. Electrum and Trezor followed different paths that unfortunately create different signatures. You can read more about it here: https://github.com/bitcoinjs/bitcoinjs-message/pull/29

Sparrow tries to be standards compliant, and so follows the Trezor path (which is at least documented in a BIP: https://github.com/bitcoin/bips/blob/master/bip-0137.mediawiki) in terms of generating signatures. Sparrow will however validate signatures using the Electrum format as well.

louneskmt commented 3 years ago

First off, that's strange - I am able to verify the Electrum sig using Sparrow. Can you try again?

Just tried again: it appears that Sparrow can verify Electrum sig while Electrum can't for Sparrow sig.

Thanks for the multiple details and links. Indeed, I tried a few online tools to verify Bitcoin signatures, and none of them give the same result (one accepts both sig, while another accepts only one out of 2, and others neither of them).

Also, I'd suggest to display the hash of the message to be signed in Sparrow, as HW like Ledger display it on its screen, to allow the user to verify it directly on the device. We actually don't know if we sign the good message and not another one, as we cannot compare hashes.

Thanks a lot again.

6102bitcoin commented 3 years ago

Outstanding Action: Add note that electrum can't verify sparrow sigs? Proposed Priority: Medium (Could cause confusion / frustration)

craigraw commented 3 years ago

As of dbfed31 Sparrow now allows toggling between the Electrum and BIP137 signature formats:

Signatures from messages signed with non-P2PKH addresses can now be verified in Electrum. Closing this off as resolved.

louneskmt commented 3 years ago

Awesome work, thanks @craigraw!