Rusty Russell [ARCHIVE] on Nostr
📅 Original date posted: 2018-12-17
📝 Original message: Johnson Lau <jl2012 at xbt.hk> writes:
> I don’t think this has been mentioned: without signing the script or masked script, OP_CODESEPARATOR becomes unusable or insecure with NOINPUT.
>
> In the new sighash proposal, we will sign the hash of the full script (or masked script), without any truncation. To make OP_CODESEPARATOR work like before, we will commit to the position of the last executed OP_CODESEPARATOR. If NOINPUT doesn’t commit to the masked script, it will just be blindly committing to a random OP_CODESEPARATOR position, which a wallet couldn’t know what codes are actually being executed.

My anti-complexity argument leads me to ask why we'd support
OP_CODESEPARATOR at all? Though my argument is weaker here: no wallet
need support it.

But I don't see how OP_CODESEPARATOR changes anything here, wrt NOINPUT?
Remember, anyone can create an output which can be spent by any NOINPUT,
whether we go for OP_MASK or simply not committing to the input script.

Confused,
Rusty.

Published at
2023-06-07 18:15:37