add asset-proof.py #184
Cool idea! I downloaded your script and am trying it out now. It's taking a while, because I restored my wallet from a backup and so Armory apparently generated 1000 addresses in the wallet. The script seems to sign for about 2 or 3 addresses per second on my Ubuntu virtual machine. More than just external auditors, I think anyone using Bitcoins would be interested in a tool like this because it lets them prove that they have control over a particular private key (which might be in cold storage) before sending funds to the corresponding address. (I'm not a maintainer of Armory, just a guy interested in this stuff.)
Well, it works. I was able to copy and paste an example address, message, and signature from the JSON file your script produced and verify the signature both in BitcoinQt and in Armory. I understand you have a tool that would verify all of them, but I didn't really want to install another programming environment just to do this little experiment. I'm thinking I might use your tool to generate signatures for the next 50 addresses in my cold Armory wallet, and then whenever I am thinking of sending funds there I can manually verify that the address is OK using BitcoinQt. That protects me from any type of bug in Armory that would cause me to send funds to the wrong address.
The "correct" solution (long-term), is once we update to BIP 32, to simply pre-verify the root public key on the sending side (but not chaincode!). It could be on your business card. Then when you supply an address to another party (or computer), you bundle the multiplier with the address, and the sender can rederive the address from the root key and multiplier and verify it matches. But they can't see any of your other addresses (the multiplier is essentially a hash of the chaincode, and thus cannot be used to get the chaincode which would reveal the other addresses). This has the same benefits, but doesn't require an individual signature for each address. The watching-only wallet that generates the address already has to compute the multiplier, so we'd only modify the address encoding to allow for an optional extra 32-byte number at the end.
This PR updates asset-proof.py to the latest specification: the block hash is added, and the message to sign contains this block hash. This proves the proof was not performed after the date the block was released.
More OS X build fixes
This script signs all addresses with a given message and writes a JSON file containing a list of public addresses alongside the signature. The file can be given to auditors to verify the signatures and get the balance for this wallet.
For more information, see https://github.com/olalonde/bitcoin-asset-proof