📅 Original date posted:2017-11-09 📝 Original message:> Op 9 nov. 2017, om 21:45 ...

Why Nostr? What is Njump?

Sjors Provoost [ARCHIVE] /

npub1ux…7wq7p

2023-06-07 18:07:36

in reply to nevent1q…5nf3

📅 Original date posted:2017-11-09
📝 Original message:> Op 9 nov. 2017, om 21:45 heeft Jacob Eliosoff via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> het volgende geschreven:
>
> As I understand you, a private key in cold storage would (of course) remain valid across HFs, but an address would be valid only for the nForkId it was generated for. There may be cold-storage-type cases where it's important for an address to be valid across all chains, ie, to intentionally allow replay? But I guess this could just be a special nForkId value, say -1?

If I understand the proposal correctly, you can always spend coins; it's the next transaction that is replay protected.

I like the idea of specifying the fork in bech32 [0]. On the other hand, the standard already has a human readable part. Perhaps the human readable part can be used as the fork id?

Note that in your currently proposal nForkId is only in the transaction signature pre-image. It's not in the serialized transaction, so a node would just have to try to see if the signature is valid. I don't know if that's a problem.

Can you clarify what you mean with:
> Allowing signatures with `nForkId=1` can be achieved with a soft fork by incrementing the script version of SegWit, making this a fully backwards compatible change.

What's the purpose of nForkId 1?

> potentially a way to opt-out of replay protection of any fork, where deemed necessary (can be beneficial for some L2 applications).

Can you give an example of where this opt-out would be useful? Why wouldn't it be enough to just sign one transaction for each fork?

In Spoonnet, the version number is added to the SIGHASH_TYPE in the pre-image. Your solution of just adding another field seems easier, but maybe there's a downside?

Sjors

[0] https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#Bech32
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20171109/e5a52b05/attachment.sig>;

Author Public Key

npub1uxks6rvrzqljyfp92sffgqypf8fpts0pv2dshvmmnrse76v0avlqy7wq7p

Show more details

Published at

2023-06-07 18:07:36

Kind type

1 Short Text Note

Event JSON

{ "id": "fd94e76353777156b671c42558920c03967604708c35972c3efbbfc4d3fc7237", "pubkey": "e1ad0d0d83103f222425541294008149d215c1e1629b0bb37b98e19f698feb3e", "created_at": 1686161256, "kind": 1, "tags": [ [ "e", "d0daeb8199b756e145149a8bfc51c2a5ebb412995a4c001676e8f12b1a7c8b95", "", "root" ], [ "e", "354d8840685bfa46e242602fe31a68bc878e95a0c88610550eb645f789079086", "", "reply" ], [ "p", "dfc3b86290d962b72921536f7e3b66c03742b85abc914447a90507cc27ff8a4b" ] ], "content": "📅 Original date posted:2017-11-09\n📝 Original message:\u003e Op 9 nov. 2017, om 21:45 heeft Jacob Eliosoff via bitcoin-dev \u003cbitcoin-dev at lists.linuxfoundation.org\u003e het volgende geschreven:\n\u003e \n\u003e As I understand you, a private key in cold storage would (of course) remain valid across HFs, but an address would be valid only for the nForkId it was generated for. There may be cold-storage-type cases where it's important for an address to be valid across all chains, ie, to intentionally allow replay? But I guess this could just be a special nForkId value, say -1?\n\nIf I understand the proposal correctly, you can always spend coins; it's the next transaction that is replay protected.\n\nI like the idea of specifying the fork in bech32 [0]. On the other hand, the standard already has a human readable part. Perhaps the human readable part can be used as the fork id?\n\nNote that in your currently proposal nForkId is only in the transaction signature pre-image. It's not in the serialized transaction, so a node would just have to try to see if the signature is valid. I don't know if that's a problem.\n\nCan you clarify what you mean with:\n\u003e Allowing signatures with `nForkId=1` can be achieved with a soft fork by incrementing the script version of SegWit, making this a fully backwards compatible change.\n\nWhat's the purpose of nForkId 1?\n\n\u003e potentially a way to opt-out of replay protection of any fork, where deemed necessary (can be beneficial for some L2 applications).\n\nCan you give an example of where this opt-out would be useful? Why wouldn't it be enough to just sign one transaction for each fork?\n\nIn Spoonnet, the version number is added to the SIGHASH_TYPE in the pre-image. Your solution of just adding another field seems easier, but maybe there's a downside?\n\nSjors\n\n[0] https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#Bech32\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 833 bytes\nDesc: Message signed with OpenPGP\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20171109/e5a52b05/attachment.sig\u003e", "sig": "558e80e1c29b7c57ba7d82a24a872c756e2483b7bb18dceee620f772cdd7aef9e6a04a510f8411da9f606cfb46bed3676c309e84610a9ff8d567b2f11dfa3927" }