HIP304 - z_signmessage + z_verifymessage

  HIP: 304
  Title: Signing and verifying messages from Sapling addresses
  Author: Duke Leto
  Category: Standards
  Created: 2020-02-02
  License: GPLv3

Terminology

The key words "MUST", "MUST NOT", and "MAY" in this document are to be interpreted as described in RFC 2119. [#RFC2119]

Abstract

This is an xxx HIP describing signed Sapling messages.

Motivation

TLDR: Extend the signmessage and verifymessage RPCs to Sapling shielded addresses. Many people, including the author, have created GitHub issues asking for the ability to sign messages with zaddrs. Originally, it was not possible with Sprout addresses, but Sapling zaddrs now have the internal machinery to support this use case.

Specification

This document specifies two new RPCs:

z_signmessage
z_verifymessage

which are direct shielded counterparts to the original Bitcoin RPCs:

signmessage
verifymessage

This specification is directly influenced by ZIP304, by various Zcash GitHub issues such as https://github.com/zcash/zcash/issues/3159 and https://github.com/zcash/zcash/issues/1770, and by the algorithm designed by Daira and other Zcash developers. We took the publicly defined algorithm, implemented it, and decided whatever implementation details were needed along the way.

Internal Design

One option would be to write a custom zk-SNARK "circuit" to support signing via a zaddr. This would be a large amount of work and was dismissed, reasonably, as not viable by Zcash developers.

References

.. [#RFC2119] `Key words for use in RFCs to Indicate Requirement Levels <https://tools.ietf.org/html/rfc2119>`_

.. [#BIP32] `Hierarchical Deterministic Wallets <https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki>`_