A Bitcoin wallet is not only a place to store your Bitcoin; it is also the way you interact with the Bitcoin network. While most of us use our wallets to generate new public key addresses so we can receive Bitcoin, or to sign transactions so we can send Bitcoin, there are other ways of communicating with the network that don’t involve moving funds on-chain.
A Bitcoin wallet can also act as a pseudonymous unique identifier: you can use it to prove that you own funds, to prove that you hold the keys to a wallet that has performed certain on-chain transactions or has a certain chain history, or to authenticate yourself without giving up personally identifiable information.
While message signing has always been around in one shape or form, formalising it into a BIP that wallets can use as a standard could make this feature of Bitcoin more popular.
What is BIP 322 or Generic Message Signing?
BIP322 refers to the generic signed message format introduced in the Bitcoin Improvement Proposal (BIP) 322. This format allows a wallet to sign a text string by producing a signature for a virtual Bitcoin transaction. The purpose of this format is to enable the creation of signed messages for any script or address that a wallet can spend.
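The "virtual transaction" described above, as an added example (not code from this article or from the BIP's reference implementation): following the BIP 322 specification, the message and the address's scriptPubKey are committed into a `to_spend` transaction that cannot exist on-chain, and the wallet signs a `to_sign` transaction that spends it, so a message signature cannot be replayed as a real payment. The function names and the sample scriptPubKey are constructed for this example.

```python
import hashlib
import struct

TAG = b"BIP0322-signed-message"          # hash tag defined by BIP 322

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def message_hash(message: bytes) -> bytes:
    """Tagged hash: SHA256(SHA256(tag) || SHA256(tag) || message)."""
    tag_hash = sha256(TAG)
    return sha256(tag_hash + tag_hash + message)

def compact_size(n: int) -> bytes:
    # Scripts here are short, so the larger encodings are not needed.
    if n >= 0xFD:
        raise ValueError("script too long for this example")
    return bytes([n])

def serialize(version, vin, vout, locktime) -> bytes:
    """Non-witness serialization, the form a txid commits to."""
    raw = struct.pack("<I", version) + compact_size(len(vin))
    for prev_hash, prev_index, script_sig, sequence in vin:
        raw += prev_hash + struct.pack("<I", prev_index)
        raw += compact_size(len(script_sig)) + script_sig
        raw += struct.pack("<I", sequence)
    raw += compact_size(len(vout))
    for value, script_pubkey in vout:
        raw += struct.pack("<q", value)
        raw += compact_size(len(script_pubkey)) + script_pubkey
    return raw + struct.pack("<I", locktime)

def txid(raw: bytes) -> bytes:
    return sha256(sha256(raw))           # internal byte order

def to_spend(message: bytes, script_pubkey: bytes) -> bytes:
    # Spends a null outpoint (all-zero hash, index 0xFFFFFFFF), so no real coin is involved.
    script_sig = b"\x00\x20" + message_hash(message)   # OP_0 PUSH32 <hash>
    vin = [(b"\x00" * 32, 0xFFFFFFFF, script_sig, 0)]
    return serialize(0, vin, [(0, script_pubkey)], 0)

def to_sign_unsigned(message: bytes, script_pubkey: bytes) -> bytes:
    # The wallet's witness goes on this input; the only output is OP_RETURN.
    vin = [(txid(to_spend(message, script_pubkey)), 0, b"", 0)]
    return serialize(0, vin, [(0, b"\x6a")], 0)

# Constructed sample: a P2WPKH scriptPubKey with a made-up 20-byte key hash.
SAMPLE_SPK = bytes.fromhex("0014" + "11" * 20)
if __name__ == "__main__":
    print(to_spend(b"Hello World", SAMPLE_SPK).hex())
    print(to_sign_unsigned(b"Hello World", SAMPLE_SPK).hex())
```

A verifier rebuilds both transactions from the claimed address and message and then runs ordinary script validation on the supplied witness, so changing either the message or the address invalidates the signature.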
One of the key advantages of BIP322 is its compatibility with existing software that verifies signed messages for legacy Pay-to-Public-Key-Hash (P2PKH) addresses.
When signing for legacy P2PKH addresses, BIP322 uses the traditional signmessage format that was first implemented in early versions of the Bitcoin software. This ensures backward compatibility with existing software.
However, BIP322 has limitations when it comes to proving the authenticity of transactions, particularly in cases where there may be disputes. For example, in peer-to-peer transactions, there is always a risk that one party may deny receiving payment. BIP322 signed messages can prove that the Unspent Transaction Outputs (UTXOs) belong to the buyer, but they do not provide information about whom the money was sent to.
To address this limitation, the document suggests using a P2WSH (Pay-to-Witness-Script-Hash) 2-of-2 multi-sig solution. This involves creating a script challenge that includes OP_SHA256 and OP_EQUAL operations, as well as a BIP322 signature on the witness stack.
What could BIP322 be used for?
BIP-322 message signing allows users to attach a unique and verifiable signature to a message and provides a way to prove that the message was indeed sent or approved by the holder of that private key. This means that you can verify ownership of your assets as well as form part of a host of different authentication scenarios.
Multi-sig proof of keys
If you’re a customer of a distributed multi-sig platform and have your funds stored in a 3 of 5 multi-sig Bitcoin wallet, your next step is probably to distribute those keys to different parties for safekeeping. Let’s say the custodian holds two keys, Alice holds one key, Alice’s lawyer holds one key, and Alice’s parents hold one key.
For peace of mind, you can periodically audit everyone’s key fragments. You can ask the custodian to provide a BIP-322 compliant script signed with 2 of 5 keys.
Once you have the partially signed script, you can complete the signature yourself and then separately ask each key holder to provide a signature-complete BIP-322 script. You can then verify all three versions of the complete signature and sleep soundly, knowing that the security scheme is intact.
Decentralised Social Identity
Prior to the launch of Nostr, one way to create a unique identity for yourself could be through BIP322. If you were banned from a certain platform, you could spin up an account on another competitor platform and easily prove to your followers that this is the real you.
Additionally, social media applications could have requested BIP322 signatures to link your accounts together so any duplicate, fake and bot accounts could easily be purged from the network. BIP-322 signed transactions are compatible with any address format, so a user can authenticate their control over the taproot address, which is already known to be associated with their identity.
While Nostr does provide a better solution for this problem, BIP-322 could be used in combination with Nostr to provide more assurances and even as a method of creating delegated events with your Nostr account.
Decentralised identity document integration
Data breaches and hacks have exposed the importance of privacy and why centralised data storage can be a user risk. Corporations spend billions each year trying to maintain data security, while some focus on building applications that integrate with the Decentralised Identity Foundation’s document specification.
Bitcoin wallets can offer a possible solution for businesses that don’t want to host user data but want the ability to authorise access to applications, and BIP-322 could be used as a method of proving ownership of an account.
Since other companies, such as Microsoft with its ION project, have already adopted the DIF/DID specification to ensure interoperability, companies can integrate an API that verifies a BIP-322 compliant signed script in order to verify credentials.
So, your BIP-322 proof can be used across multiple applications to grant you access. A BIP-322 signature could also be used in conjunction with Nostr to authenticate access to services like relays or special clients that you have paid for or interacted with in the past.
Liquidity advertisements for Lightning Channels
Lightning Network nodes can create Liquidity Ads across various networks, listening for messages that are BIP-322 compliant. A node could post a BIP-322 compliant signature on its social media accounts, like Nostr, for bots to scrape, or sign directly with liquidity marketplaces to advertise how much liquidity it is seeking to provide.
If an interested node needs liquidity on the fly, it knows from your BIP-322 signature that your funds are available and can reach out in direct messages to coordinate a channel opening.
Quasi-proof of reserves
Suppose a company offers custodial Bitcoin, Lightning wallet or eCash mint services catering to those lacking financial services, such as people in developing nations.
A custodian holding funds would want to have a confident user base to avoid dealing with bank runs or facing questions as to whether it has the reserves it claims to have: are the users’ funds “actually” held in the wallet, or is the company insolvent and lacking sufficient collateral for its end users’ wallets?
To give users some method of transparency, the custodian can offer a BIP-322 API. The API allows anyone who wants to deal with the custodian to query it with a challenge phrase of their choice, and they receive back a BIP-322 signed script from the multi-sig fund reserves wallet with the challenge phrase in OP_RETURN.
Third-party asset verification
Suppose you’re a proponent of third-party assets hosted on the Bitcoin network; you can use generic message signing to sign ownership of a specific token or NFT created using ordinal theory.
This can come in handy when using on-chain exchanges/DEXs, where you can prove that you own the rights to the inscribed satoshi and the accompanying metadata, and exchanges can then list your sale, knowing they are interacting with the correct person.
The same goes for asset issuers of Taproot Assets; the address issuing the asset can prove ownership of the Merkle Tree used to issue these assets, so you can have confidence you’re dealing with the correct asset issuer and not someone issuing counterfeit Taproot Assets.
AML/KYC/PII Verification and whitelisting
BIP 322 can also be used to limit users’ ability to access Bitcoin on KYC on-ramps, with the use of AOPP wallets, if governments were to put pressure on exchanges over how they release funds on-chain.
Exchanges operating in a legal jurisdiction where the government has strict compliance requirements on certain types of financial transactions could be forced to whitelist addresses before they release funds. In order for an exchange to verify who they are doing business with, they issue a challenge phrase consisting of 80 bytes of arbitrary data.
Exchange counterparties or clients would then use a BIP-322 script signature with the challenge data in OP_RETURN, thus providing a cryptographic identity auth to satisfy local compliance laws.
The BIP-322 compliant signature can be permanently recorded in a database as well as any other additional compliance records associated with the transactions.
BIP322 isn’t widely used
It’s worth noting that BIP 322 has not gained wide acceptance, and there is an ongoing discussion within the Bitcoin development community about the best approach. Some developers argue that BIP322 is more complex than other solutions and would require significant effort from wallet developers to implement.
However, there is renewed interest in using BIP322 to validate signatures related to upgrading the Bitcoin-native Decentralized Identifier Method. Overall, while BIP322 provides a generic signed message format for wallets to sign text strings, it still has limitations when it comes to proving transaction authenticity.
Do your own research.
If you want to learn more about signing messages on Bitcoin, use this article as a jumping-off point and don’t trust what we say as the final say. Take the time to research, check out their official resources below or review other articles and videos tackling the topic.
- bitcoinops.org – Generic signmessage
- GitHub – BIP 322
- BIP-322 Use Cases
- Bitcoin.it – Message Signing