Description
I haven't checked the code, but from your explanations it seemed like the "challenge" could be a valid Bitcoin transaction such that the input being signed for does actually exist.
Just like the Bitcoin Core signmessage API, the "challenge" could be prepended with magic bytes that are guaranteed to not be a prefix of a transaction. In Bitcoin Core that's "Bitcoin Signed Message:\n" (but I'm missing the argument why that wouldn't be a valid prefix).
Additionally, I'd suggest renaming "challenge" to "message" for now. "Challenge" implies that it is provided by the verifier. "Message" implies nothing, so it has at least the same caveats as signmessage. Making the proofs actually non-replayable would require looking into the bigger context in which the proof-of-reserve tool is used.
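As an added illustration (not code from this issue or the project), the Python below reproduces the signmessage-style construction the comment refers to: the bytes that Bitcoin Core actually hashes are `compactsize(len(magic)) || magic || compactsize(len(message)) || message`, double-SHA256'd. The proof-of-reserves message and the alternative magic string are constructed placeholders; the functions show how a fixed prefix domain-separates the signed digest from a plain hash of the same message bytes.

```python
import hashlib

# Magic string used by Bitcoin Core's signmessage / verifymessage RPCs.
MESSAGE_MAGIC = b"Bitcoin Signed Message:\n"


def compact_size(n: int) -> bytes:
    """Bitcoin's CompactSize (varint) encoding of a length."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def hash256(data: bytes) -> bytes:
    """Double SHA-256, the hash used for Bitcoin message and tx digests."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def signed_message_preimage(message: bytes, magic: bytes = MESSAGE_MAGIC) -> bytes:
    """Exact byte string that a signmessage-style signature is computed over."""
    return compact_size(len(magic)) + magic + compact_size(len(message)) + message


def signed_message_digest(message: bytes, magic: bytes = MESSAGE_MAGIC) -> bytes:
    """32-byte digest committed to by a signmessage-style signature."""
    return hash256(signed_message_preimage(message, magic))


def domain_separated(message: bytes, magic: bytes = MESSAGE_MAGIC) -> bool:
    """True when the prefixed digest differs from the bare hash of the message,
    i.e. a signature over one cannot be mistaken for a signature over the other."""
    return signed_message_digest(message, magic) != hash256(message)


if __name__ == "__main__":
    # Constructed sample message a proof-of-reserves tool might ask a wallet to sign.
    msg = b"proof-of-reserves example message (constructed)"
    print("preimage:", signed_message_preimage(msg).hex())
    print("digest:  ", signed_message_digest(msg).hex())
    # A tool-specific magic string (placeholder) yields a different digest again.
    print("custom:  ", signed_message_digest(msg, b"Example PoR Message:\n").hex())
```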