From 72bb26be6b3cb2a5e7369bb48a3f9e61ae541d22 Mon Sep 17 00:00:00 2001 From: azuchi Date: Fri, 7 Jul 2023 08:53:03 +0900 Subject: [PATCH] Add UTXO check detail --- tip-0100.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tip-0100.md b/tip-0100.md index 24dc1f1..a2031be 100644 --- a/tip-0100.md +++ b/tip-0100.md @@ -75,21 +75,23 @@ whose SBT you own is locked. The following data is required for the proof: * OutPoint (TXID + output index) of SBT's UTXO -* An redeem script of SBT's UTXO (CP2SH) +* An redeem script and scriptPubkey of SBT's UTXO (CP2SH) * Message to be signed * A valid digital signature (ECDSA or Schnorr signature) for the message and `SBT owner public key` The proof process for SBT owner (prover) and verifier is as follows: -1. The prover provides to verifier with the SBT UTXO OutPoint and the SBT UTXO (CP2SH) redeem script. -2. The verifier checks that the target UTXO is an unused UTXO of the SBT issued transaction. -After passing the verification, send the message `m` as a signing request to the prover. +1. The prover provides to verifier with the SBT UTXO OutPoint and the SBT UTXO (CP2SH) scriptPubkey and redeem script of it. +2. The verifier checks: + * The target UTXO is an unused UTXO of the SBT issued transaction. + * The scriptPubkey type must be CP2SH and NFT. +3. After passing the verification, send the message `m` as a signing request to the prover. The verifier must always generate a new message. This prevents an attacker who does not know the private key and reuse the digital signature of a prover obtained by some means to pass verification. -3. The prover uses the private key corresponding to the `SBT owner public key` in the redeem script +4. The prover uses the private key corresponding to the `SBT owner public key` in the redeem script to generate a digital signature (ECDSA or Schnorr signature) for the message to be signed. Then sends the generated digital signature to the verifier. -4. The verifier checks that the received digital signature is a valid digital signature against the +5. The verifier checks that the received digital signature is a valid digital signature against the `SBT owner public key` in the redeem script received in messages `m`. Once you pass the verification, you are verified as the owner of the SBT.