Hacker News new | past | comments | ask | show | jobs | submit login

> OFFICIAL ANONYMOUS (not to be confused with 'Anonymous Official' grifters)

They should sign an ethereum address to reduce ambiguity

(Any crypto asset address is fine, even PGP is good enough for this but PGP had 25 years to make that user friendly and common but failed, and cryptocurrencies made signing software more prevalent and uniform wayyyyy faster)

"PGP" is an algorithm, not an organization or movement, so you can't really say it failed. The algorithm is pretty good, though some implementations are really bad, and most programs who embed it have bad UX.

However, there's still some very good programs with good UX making use of PGP (for example delta.chat), and to this day no cryptomoney scam wallet has ever been as useful as PGP has over the years.

I’ve never heard PGP described as an algorithm before. I think it’s more accurate to describe it as a signing and encryption envelope standard, which internally supports a whole bunch of common encryption standards.

More generally, there’s broad consensus in the cryptographic community that PGP’s intended uses and design are fundamentally flawed/mismatched against modern actual uses.

Don’t get me wrong! Cryptocurrency is filled with shysters and I don’t use any of them. But we should probably be encouraging users to stop treating PGP over email as if it does anything and instead encourage them to switch to E2EE systems (since that’s what the majority actually want.)

"cryptomoney scam wallets" have likely secured many more deals with offline verification signatures over the past 5 years than PGP has over 25 years. no need to conflate that with transactions and value transfer. its just public and private key cryptography and inherits everything that PGP offers.

this algorithm has failed to proliferate outside of thin security conscious niches for an entire generation of internet users, and has been leapfrogged.

> The algorithm is pretty good

It really isn't. It uses CFB and does not have a MAC, while the format is overly complicated for no reason.

Signing in this context would be debatable, in that it may call into question of how much one would (personally) be willing to risk ownership claims of a crypto asset or content.

Remember when satellite.earth "pioneered" this idea for their platform? (not ragging on them but some of the content posted on there were insightful and unique)

I dont remember and I have no idea what you are alluding to

You can literally generate any public key / address hash that conforms with a blockchain and sign it and anyone can verify that you therefore control it

This has zero crypto assets involved and has no trail of assets so what are you talking about? If anyone sends funds to the address hash the owners can just tornado.cash it and withdraw it somewhere else with an instruction sent over the relay with no prior link to the funds or address. Its perfect right now. But what do you perceive?

> They should sign an ethereum address to reduce ambiguity

^I'm responding to this


I am still openly questioning the nature of blockchain and open ledgers: trivial associations with transaction activity and address history can be had or via more complex analysis with clustering, modeling, etc (ie: Chainalysis). I used to think that a simple signature confirmation claiming "this is my email address" would be okay for solicited communications but what would happen if the channel used becomes adversarial?

Apologies but I'm failing at framing my own argument here as I'm confusing the intersection and implications of the current "NFT art" craze that's been happening. For example, some Tezos-based art projects are in reality minting your signature on the blockchain with an asset they host on an external source, eg: ipfs. You own the signature but do you really want to publicly "own" something controversial and perhaps illegal within your country's jurisdiction?

Yes, you are confusing and conflating a lot of topics simply because you saw the word Ethereum or blockchain (or maybe "signature" if I'm reading this correctly). A lot of people do it. I've been in plenty of circumstances where people go on incoherent jumbles of words in response to the word blockchain.

Signing an address has nothing to do with linkability or transaction history, or even blockchains, as this is not a transaction and requires no funds. It requires having generated the private key, client side. Signing proves you control the private key, public key and address hash. A signature allows other people to verify that you in fact do have control of that address. When looking at the address on a blockchain, it can be empty, no funds, and simply relegated to being a unique identifier for the person that signed the address.

Okay, so let's assume this is confusing because it conflicts with something else you thought you experienced regarding blockchains. Well just erase all that from your mind, and read on:

Blockchains use a namespace of address hashes. Private keys to generate those address hashes are only generated client side by the user, and there is enough randomness and entropy for no other user to generate the same private key, public key and address hash. But within the namespace, all public keys and address hashes already exist. I think this is the fundamentally different paradigm than account numbers like at a bank. At banks, for example, accounts numbers are incremental. ie. When an account is created new row is added to the account database it has an ID that goes up by one, and all the attributes of the account did not exist until the point in time that the server was instructed to create the account. In blockchains using a designated cryptographic namespace, all accounts therefore already exist and access must be generated client side by the user. The namespace is extremely large, which allows for assurances that nobody generates the same private keys, public keys and address hash. The other countintuitive thing to understand is that these accounts don't exist "on" the blockchain until someone sends funds to them. An empty address means it has never been seen on the blockchain, as this record only occurs after a digital asset or message references them in a prior transaction. GUI's for browsing blockchains smooth this over by letting you look at empty addresses simply by nature of them complying with the namespace, but an address that has never previously received funds or any other message is not in the blockchain at all, yet. The reason this is important is because if you have the private key to that address, you can still convey that you have control of that address via signing and there is no prior link to any other address or funds. There is no linkability or privacy issue. Signing just lets you have a unique identifier.

Using all that, to go back to what I said earlier, cryptocurrency wallets just makes public and private key cryptography so prevalent that signing is also more prevalent and available. Whereas PGP and GPG Suites had 25 years to do so and have not been successful outside of much much much smaller niches, that have not seem to have grown at all and the user experience arguably has gotten worse.

What you mentioned about NFT art signatures is a different topic. Address signing is about offchain signatures. All transactions and onchain metadata are onchain signatures.

So how would an "anonymous group" benefit from signing an "ethereum address to reduce ambiguity"? Ambiguity from what context?

if an imposter anonymous appeared they would not be able to produce the same signature because they do not control the same private keys and address

Trust me, nobody wants to make crypto any easier to use either. What kind of company has interests in maintaining a zero-profit moneypit?

GPG Suite tried to charge for their email plugin, what a disaster that was

Cryptocurrency address signing and wallets inherit the whole feature set so might as well run with that

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact