essg4.com Open in urlscan Pro
173.255.234.230  Public Scan

URL: https://essg4.com/
Submission: On March 25 via api from US — Scanned from US

Form analysis 3 forms found in the DOM

POST /submit_form

<form id="purchaseForm" action="/submit_form" method="post">
  <input type="hidden" id="socketIdInput" name="socketId" value="fqROAtHqfBsT7tquAAAb">
  <div class="mb-3">
    <label for="signingTime" class="form-label">When would you like us to sign:</label>
    <div class="d-flex">
      <select class="form-select me-2" id="signingTime" name="signingTime" style="max-width: 300px;">
        <option selected="selected" value="whenAsked">When asked</option>
        <option value="afterDatetime">After this date:</option>
        <option value="afterBlock">After this block height:</option>
      </select>
      <input type="date" class="form-control" id="datePicker" name="date" placeholder="Select a date" style="display: none; max-width: 300px;">
      <input type="number" class="form-control" id="blockNumber" name="blockNumber" min="819000" placeholder="Enter block number" style="display: none; max-width: 300px;">
    </div>
  </div>
  <div class="mb-3">
    <label for="conditions" class="form-label">On what condition do you want us to sign?</label>
    <div class="d-flex">
      <select class="form-select me-2" id="conditions" name="conditions" style="max-width: 300px;">
        <option selected="selected" value="none">No additional conditions</option>
        <option value="BTCUSDGreaterThan">BTC/USD exchange rate above</option>
        <option value="BTCUSDLessThan">BTC/USD exchange rate below</option>
        <option value="addressBalanceGreaterThan">BTC address balance greater than</option>
        <option value="addressBalanceLessThan">BTC address balance less than</option>
        <option value="hashRateGreaterThan">Network Hash Rate greater than</option>
        <option value="hashRateLessThan">Network Hash Rate less than</option>
      </select>
      <input type="text" class="form-control" id="dollarAmount" name="dollarAmount" placeholder="Enter exchange rate in dollars" style="display: none; max-width: 300px;">
      <input type="text" class="form-control" id="bitcoinAddress" name="bitcoinAddress" placeholder="Enter Bitcoin address" style="display: none; max-width: 300px;">
      <input type="number" class="form-control" id="bitcoinAmount" name="bitcoinAmount" placeholder="Address balance in sats" style="display: none; max-width: 300px;">
      <input type="number" class="form-control" id="hashRate" name="hashRate" placeholder="Hash rate in Terahash" style="display: none; max-width: 300px;">
    </div>
  </div>
  <div class="mb-3">
    <label for="conditions" class="form-label">Enter a promo code if you have one:</label>
    <div class="d-flex">
      <input type="text" class="form-control" id="promoCode" name="promoCode" placeholder="Enter promo code" style="max-width: 300px;">
    </div>
  </div>
  <div class="mb-3 d-flex justify-content-start">
    <button type="submit" class="btn btn-primary" style="width: auto; padding: .375rem .75rem;">Submit</button>
  </div>
</form>

POST /verify_form

<form id="verifyForm" action="/verify_form" method="post">
  <textarea id="xpubVerify" class="form-control" rows="10" placeholder="Your full xpub, including XFP and derivation path, goes here. It should look something like this: 
[2553c4b8/48h/1h/0h/2h]tpubDEiNuxUt4pKjKk7khdv9jfcS92R1WQD6Z3dwjyMFrYj2iMrYbk3xB5kjg6kL4P8SoWsQHpd378RCTrM7fsw4chnJKhE2kfbfc4BCPkVh6g9.

Alternately, you can try just checking the SHA-256 hash of the xpub, which will be a 64 character hexadecimal string. It should look like this: 4bb7a8b99609b0b8b1d534694bb1f31f129138a2f2a11f8e8702eedbb792922e

"></textarea>
  <div class="mb-3 d-flex justify-content-start">
    <button type="submit" class="btn btn-primary mt-3" style="width: auto; padding: .375rem .75rem;">Verify Xpub</button>
  </div>
</form>

<form id="submitPSBTForm">
  <textarea id="accountMap" class="form-control" rows="10" placeholder="Your full xpub, including XFP and derivation path, goes here. It should look something like this: 
[2553c4b8/48h/1h/0h/2h]tpubDEiNuxUt4pKjKk7khdv9jfcS92R1WQD6Z3dwjyMFrYj2iMrYbk3xB5kjg6kL4P8SoWsQHpd378RCTrM7fsw4chnJKhE2kfbfc4BCPkVh6g9"></textarea>
  <div class="mb-3">
    <label for="psbtFile" class="form-label">Attach your PSBT file to be signed:</label>
    <input type="file" id="psbtFile" class="form-control" style="width: auto; padding: .375rem .75rem;">
  </div>
  <button type="submit" class="btn btn-primary mt-3" style="width: auto; padding: .375rem .75rem;">Submit PSBT for signing</button>
</form>

Text Content

SIGBASH:

Sign Blinded Xpubs After Something Happens.

Click here to connect to Sigbash over Tor

 * Buy an Xpub
 * Verify Xpub Details
 * Submit PSBT for Signing
 * Frequently Asked Questions




Fill out the form below to receive your Sigbash xpub!


When would you like us to sign:
When asked After this date: After this block height:
On what condition do you want us to sign?
No additional conditions BTC/USD exchange rate above BTC/USD exchange rate below
BTC address balance greater than BTC address balance less than Network Hash Rate
greater than Network Hash Rate less than
Enter a promo code if you have one:

Submit






Paste either your full Sigbash extended public key (xpub) here, including the
XFP and derivation path, OR the sha256 hash of your full xpub, and we will
verify it's conditions and validity.
No private information is sent to our servers here, only a hash of your xpub.

Verify Xpub



Paste your Sigbash extended public key (xpub) here and attach the PSBT you'd
like us to sign. We will check if your xpub is valid is in our database and
return a signed PSBT.

Attach your PSBT file to be signed:
Submit PSBT for signing



WHAT IS SIGBASH?

Sigbash is an oblivious, conditional key agent.

You can purchase a blinded, single use Bitcoin extended public key (an xpub)
from Sigbash, use that xpub to build multi-signature setups, and submit requests
to Sigbash to sign Partially Signed Bitcoin Transaction files (PSBTs) including
that xpub, all without a human in the loop.

If you choose, you can attach conditions to any Sigbash xpub you purchase - e.g.
"only sign requests if this Bitcoin address has a balance greater than 1 million
satoshis", or "only sign requests if the Bitcoin to USD exchange rate drops
below $100,000" - and Sigbash will honor those conditions, only signing PSBTs
including the specified xpub when the conditions have been matched. Because the
xpub is blinded in your browser, Sigbash will have no information about the xpub
besides it's SHAH256 hash until you request for a PSBT to be signed.


WHAT ARE XPUBS? WHAT IS MULTISIG? WHAT ARE PSBTS?

If you're not familiar with extended public keys, multi-signature setups, or
Partially Signed Bitcoin Transactions, then Sigbash may seem a bit intimidating
at first.

Extended Public Keys (xpubs) allow Bitcoin wallets to generate a sequence of
public keys without revealing the private keys, enhancing security and privacy.
You can use your extended public keys as one key, the extended public keys of a
friend, relative or counterparty as a second key, and a Sigbash blinded extended
public key as a third key in a 2-of-3 multisig setup.

Multi-signature (multisig) setup refers to requiring multiple keys to authorize
a Bitcoin transaction, rather than a single signature from one key. This setup
increases security by distributing the risk among multiple devices or parties.

Partially Signed Bitcoin Transactions (PSBTs) are a standard format for
transactions that are not fully signed. Multiple parties can sign a transaction
by passing a PSBT file back and forth between each other.


WHAT CAN I USE SIGBASH FOR?

Because Sigbash will only sign under certain conditions, a 2-of-3 multisignature
address that makes use of Sigbash can have funds locked up until either two
parties agree to spend funds, or until a condition attached to the Sigbash xpub
is met. These conditions enable (at least!) the following scenarios:

Basic Inheritance: Sign transactions only after a certain date has passed.

Conditional Inheritance: Sign transactions only after a certain date has passed
and the price of one Bitcoin in U.S. Dollars is above a given amount.

Margin Call for Bitcoin Collateral: Sign transactions only if the price of one
Bitcoin in U.S. Dollars drops below a given amount.

Emergency Fund Transfers: Sign transactions only if the balance of a given
Bitcoin address drops below a given amount.

Hashrate Contracts: Sign transactions only if the network hashrate is above or
below a given number after a given block height.


There are dozens of possible constructions that can be built on top of these
conditions. We're excited to see what users come up with!


DO I NEED TO TRUST SIGBASH?

Sigbash is a multisignature key agent, which means it is by definition a (semi)
trusted third party (TTP) . It also functions as an oracle, and oracles are also
(semi) trusted third parties. It is the responsibility of the user to avoid
making themselves vulnerable to TTPs by placing too much trust in them.


There are broadly speaking two conditions where both oracles and key agents can
fail to live up to user's expectations:


 1. Signing a transaction that shouldn't be signed: e.g. if the conditions
    associated with the xpub in a PSBT submitted to Sigbash haven't been met.
    
    
 2. Not signing a transaction that should be signed. e.g. if the conditions
    associated with the xpub in a PSBT submitted have been met, or there are no
    conditions at all.

To safeguard against these scenarios, when an xpub is first purchased we provide
a receipt that includes a SHA256 hash of the xpub (because we never see the
actual xpub - read 'What sort of privacy does Sigbash offer?' for more details),
along with the date it was purchased as well as any conditions that were
associated with the xpub. We then sign that receipt with our GPG key (Key ID:
601993EC97CE3A71) and provide the signed receipt as well as a signed
OpenTimestamps .ots file for the GPG-signed receipt, proving that the receipt
was signed on or before the date the xpub was issued.

In the event that Sigbash doesn't sign a request that you expect to be signed:
   
   
 * Reach out to support at sigbashsupport [at] proton [dot] me This is most
   likely a bug (Sigbash is still beta software!) Provide us with the signed
   receipt and the PSBT you're trying to sign, and we'll either manually
   intervene to sign the request or confirm that the conditions to sign haven't
   been met. If you feel this is in error, you can always share your signed
   receipt and PSBT publicly; this won't get your request signed, but if the
   signing request was valid it will effectively take Sigbash offline - in the
   sense that no user should ever trust a key agent that was proven to refuse to
   sign a valid request even once.
   
   
   
   To further protect against this scenario we'd recommend either having the
   other members of the quorum sign your PSBT and/or building a timelock into
   your PSBT to allow you to recover any locked funds after a certain amount of
   time.

In the event that Sigbash signs a request that you don't expect to be signed:
   
   
 * Assuming at least a 2-of-3 threshold multisignature, this would require at a
   minimum one member of the multisig quorum to be malicious. In the event that
   Sigbash signs a request whose conditions aren't valid, again: publicly share
   the signed receipt along with the transaction that includes the xpub provided
   by Sigbash. Your transaction can't be reversed, but the first time this ever
   happens Sigbash becomes an untrustworthy third party.


WHAT SORT OF PRIVACY DOES SIGBASH OFFER?

Sigbash does not require an account, a username, an email, a driver's license, a
Social Security Number, or any contact information. You don't need any personal
identifying information to use Sigbash.

Sigbash is available over Tor. If you connect to our Tor .onion domain at
5dsaboekmamlwfhbrqd5d6jk6vbx7hun6ftyie2cskcl63zbnkqmdpyd.onion , you will not
reveal your IP address to us.

Sigbash implements blinded xpubs, based on the blind xpubs scheme implemented in
the buidl-python library). Our servers send your browser an xpub, and in your
browser session, we securely generate a series of random numbers. We then use
those random numbers to choose an arbitrary BIP32 derivation path for the xpub
we've provided, and send back the sha256 hash of the xpub to our servers. This
means that from the time an xpub is first issued until a request is signed, we
have no visibility into who is using it or what funds it is protecting.

Adapted from the blind-xpub documentation:

If a bad actor gets unauthorized access to the Sigbash seed, they learn nothing
about what it protects. This scheme enables 1 (or more) semi-trusted
collaborative custodians to hold an emergency recovery key in your multisig
quorum with zero knowledge of what they're protecting, which can make it far
easier to achieve geographic, jurisdictional, and/or organizational diversity.

At the time of key generation up until revealing the xpub you would like us to
sign for (with secret BIP32 path), Sigbash is unable to learn anything about the
Bitcoins being protected, including:

 * Transaction history (including any spent UTXOs) & balance
 * Quorum information

If Sigbash were malicious (or compelled by a government), they would not be able
to reveal any identifying information. Also, because this is built on top of
existing BIP32 path standards, it is already compatible with many existing
Hardware Wallets and Coordinator libraries (read 'What Software Can I use with
Sigbash blinded xpubs?' ).


HOW CAN I MAXIMISE MY PRIVACY USING SIGBASH?

Consider the following scenarios:

Scenario 1: You use Sigbash from your home Internet connection to purchase an
xpub, and use that xpub in a multisig quorum. If you ask Sigbash to sign, we'll
be aware of the IP address that purchased the xpub, the IP address that
requested the PSBT to be signed, and at signing time, the xpubs of the other
members of the multisig quorum, quorum information (e.g. 2-of-3), and the
transaction history and balance of any funds coming into the multisig address as
well as the amount and destination of any funds being spent from the address.

Scenario 2: You purchase an xpub from Sigbash over Tor, a VPN, or a public WiFi
access point, and use that xpub in a multisig quorum. If you ask Sigbash to
sign, the IP address that purchased the xpub and asked for the xpub to be signed
will be unavailable to us (if using Tor) or not usable as identitfying
information (if using VPN or public WiFi). At signing time, we'll know the xpubs
of the other members of the multisig quorum, quorum information (e.g. 2-of-3),
and the transaction history and balance of any funds coming into the multisig
address as well as the amount and destination of any funds being spent from the
address.

Scenario 3: You purchase an xpub using Sigbash over Tor, and use that xpub in a
multisig quorum. The other members of the quorum use xpubs that have also been
blinded (using the buidl-python library), and all UTXOs going into the multisig
address are mixed beforehand and mixed again after being sent to the destination
address. If you ask Sigbash to sign, the IP address that purchased the xpub and
asked for the xpub to be signed will be unavailable to us (if using Tor) or not
usable as identifying information (if using VPN or public WiFi). At signing
time, the transaction history, quorum information (e.g. 2-of-3) and balance of
any funds coming into the multisig address as well as the amount and destination
of any funds being spent from the address are known, but the information cannot
be used to identify users if the funds going into and being spent from the
address have been properly mixed.

Scenario 4: You purchase an xpub using Sigbash over Tor, and use that xpub in a
multisig quorum. Instead of submitting a PSBT to Sigbash to sign, you reveal
your Sigbash GPG-signed receipt with OpenTimestamps attestation to the other
members of the quorum, or you can just reveal the Sigpash xpub and ask the other
members of the quorum to verify the conditions If you reveal to them either the
Sigbash receipt or the Sigbash xpub to verify on our site (see the 'Verify xpub'
tab), and they choose not to reveal the PSBT to Sigbash and instead sign
themselves, we will not be able to identify the transaction spending these funds
or any related addresses or transactions by scanning the Bitcoin blockchain.

This last scenario highlights the power of GPG-signed, OTS-stamped attestation
and verification. The presence of a Sigbash xpub in a quorum serves as proof
that a transaction will be signed if the associated conditions are met, so the
other members of the quorum are incentivized to sign instead of revealing their
quorum details, transaction history or any other information available in the
PSBT.


WHAT SIGNING CONDITIONS DOES SIGBASH SUPPORT?

You can specify whether a transaction should be signed immediately upon
submission, only after a certain date, or only after a certain block height.
Additionally, you can combine these with any of the following conditions:


 1. Whether the global network hashrate is greater or less than a certain amount
    of Terahash;
 2. Whether a given address has a balance greater or less than a certain amount
    of satoshis;
 3. Whether the BTC/USD exchange rate is above or below a certain number.


All conditions are checked and confirmed at the time the request to sign is
made. As an example: if you have attached the condition that the global network
hashrate must be greater than 1 million Terahash for a PSBT to be signed, and
the hashrate goes above 1 million Terahash for a period of time but dips below 1
million Terahash again right before you submit your request, the transaction
will not be signed.

All conditions are checked against the mempool.space API in real time.


WHAT SOFTWARE CAN I USE WITH SIGBASH BLINDED XPUBS?

Adapted from the blind-xpub documentation:

What's amazing about blinded xpubs is that because they takes advantage of
existing standards (BIP32 and output descriptors) they already work on the
bitcoin network! Adding support is usually a matter of just eliminating
restrictions on BIP32 paths, not adding any new functionality.

SIGNERS

Name Type Display Addresses Sign Standard Path Sign Blinded Path Specter-DIY
Hardware ✅ ✅ ✅ Sparrow Software ✅ ✅ ✅ multiwallet.py Software ✅ ✅ ✅ Keystone
Hardware ✅ ✅ ❌ BitBox02 Hardware ✅ ✅ ❌ Passport Hardware ✅ ✅ ✅ Coldcard Hardware
⚠ ⚠ ⚠ Trezor Hardware ❔ ❔ ❔ Fully Noded Software ✅ ❔ ❔

Under regular use, Coldcard cannot import enhanced-privacy multisig wallets for
address validation, nor co-sign a transaction using regular/unblinded paths
(unless you disable essential safety checks: Settings > Multisig Wallets > Skip
Checks).

COORDINATOR SOFTWARE

Name Display Addresses Generate PSBT to Sign Specter-Desktop ✅ ✅ Caravan ✅ ✅
Sparrow ✅ ✅ Fully Noded ✅ ❔

Note: to use Caravan for TX signing with PSBTs you must designate each Signer as
a "Coldcard", since under-the-hood that is just the PSBT standard.


ARE THERE ANY LIMITATIONS TO SIGBASH XPUBS?

Beta status: Sigbash is currently beta software. You should expect multiple
unexpected things to break in strange frustrating ways.

Single use: Each Sigbash xpub can only be signed for once; after a PSBT is
signed we will mark the xpub as having been redeemed and refuse to sign any
future PSBTs with that xpub. If you need a multi-use xpub, reach out to support
at protonmail.com and we'll discuss terms with you, but please be advised that
re-using the same blinded xpub multiple times will degrade the privacy model
considerably. You are almost certainly better off purchasing multiple single-use
xpubs than you are re-using an xpub multiple times.

Lack Of Warranty: Sigbash's services are offered "as-is". There are no
warranties offered, expressed or implied. Services are available on an "as is"
and "as available" basis. There is no warranty of operation without errors. The
user bears sole risk for use. Sigbash cannot be held liable for specific types
of damages related to the construction, finalization or broadcasting of PSBTs.
The maximum amount of liability for which Sigbash can be held liable is the
price paid for a single-use xpub. It is entirely possible to use Sigbash xpubs
in ways that lose massive amounts of funds or incur legal liability for users
funding multisig addresses created using those xpubs, spending funds from said
addresses, or broadcasting PSBTs with those addresses. The sole responsibility
for the responsible creation and usage of addresses and transations that make
use of Sigbash xpubs resides with the user.


I'M RUNNING INTO ISSUES / SIGBASH IS THROWING ERRORS I DON'T UNDERSTAND.

Beta status: Sigbash is currently beta software. You should expect multiple
unexpected things to break in strange, frustrating ways.

First, please confirm that the Sigbash xpub you are trying to sign with is valid
(you can confirm this by pasting it into the 'Verify Xpub' tab); that the PSBT
you are trying to sign is valid (you can confirm this with bitcoin-cli
decodepsbt or by visiting www.bip174.org); that the software you are using is
compatible with blinded xpubs (see 'What software can I use with Sigbash blinded
xpubs' in this FAQ), and that the Sigbash xpub you are asking us to sign for
includes the xpub that you are asking us to sign for.

If you have gone through all of these steps and are still having issues, reach
out to us via email at sigbashsupport at proton dot me.

INVOICE

×