Peter Todd [ARCHIVE] on Nostr:
Original date posted: 2019-10-05
Original message:
On Fri, Oct 04, 2019 at 11:40:53AM -0700, Jeremy wrote:
> Interesting point.
>
> The script is under your control, so you should be able to ensure that you
> are always using a correctly constructed midstate, e.g., something like:
>
> scriptPubKey: <-1> OP_SHA256STREAM DEPTH OP_SHA256STREAM <-2> OP_SHA256STREAM <hash> OP_EQUALVERIFY
>
> would hash all the elements on the stack and compare to a known hash.
> How is that sort of thing weak to midstate attacks?
Obviously with care you can get the computation right. But at that point what's
the actual advantage over OP_CAT?
We're limited by the size of the script anyway; if the OP_CAT output size limit
is comparable to that for almost anything you could use SHA256STREAM on, you
could just as easily use OP_CAT, followed by a single OP_SHA256.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20191005/213e4e81/attachment.sig>
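Added example, not code from this thread and not the OP_SHA256STREAM proposal's own implementation: a small pure-Python SHA-256 that exposes its midstate, used to check two things the exchange above turns on. First, that a stream the script builds itself (modelled on the quoted script, with the assumed semantics that <-1> starts a fresh midstate and <-2> finalizes it) yields exactly OP_CAT followed by a single OP_SHA256, which is Peter's point. Second, what "midstate attack" refers to: if a midstate is taken from the witness instead of built by the script, the finished digest is just the chaining value after the padded last block, so the spender can resume from H(m) and len(m) and produce a digest over m || padding || suffix without the script ever seeing m (standard length extension). The stack contents and the "secret" bytes are constructed inputs; the function names are this example's own.

```python
# Added example (not code from the thread or from the OP_SHA256STREAM proposal):
# a pure-Python SHA-256 with an explicit midstate, used to (a) check that a
# script-built stream equals OP_CAT followed by one OP_SHA256 and (b) show the
# length-extension "midstate attack" a witness-supplied midstate would allow.
import hashlib
import struct

MASK = 0xffffffff
_K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]
_IV = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
       0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def _compress(state, block):
    """One SHA-256 compression: fold a 64-byte block into the 8-word chaining value."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + _K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def _padding(msg_len):
    """FIPS 180-4 padding for a message of msg_len bytes: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((55 - msg_len) % 64) + struct.pack(">Q", msg_len * 8)


class Midstate:
    """Chaining value plus the byte count it commits to: what a streaming opcode
    would have to carry between calls."""

    def __init__(self, state=_IV, length=0):
        self.state, self.length, self.buf = list(state), length, b""

    def absorb(self, data):
        self.buf += data
        self.length += len(data)
        while len(self.buf) >= 64:
            self.state = _compress(self.state, self.buf[:64])
            self.buf = self.buf[64:]
        return self

    def finalize(self):
        done = Midstate(self.state).absorb(self.buf + _padding(self.length))
        return b"".join(struct.pack(">L", x) for x in done.state)


def script_builds_midstate(stack_elements):
    """Model of the quoted script (assumed semantics: <-1> starts a fresh midstate,
    <-2> finalizes it): the script itself creates the midstate and streams every
    element through it, so the spender never gets to choose a midstate."""
    ms = Midstate()
    for item in stack_elements:
        ms.absorb(item)
    return ms.finalize()


def cat_then_sha256(stack_elements):
    """Peter's alternative: OP_CAT everything, then one OP_SHA256."""
    return hashlib.sha256(b"".join(stack_elements)).digest()


def witness_supplies_midstate(midstate, stack_elements):
    """The unsafe variant: continue and finalize a midstate taken from the witness.
    The script cannot tell what bytes that midstate already commits to."""
    for item in stack_elements:
        midstate.absorb(item)
    return midstate.finalize()


def length_extension(known_digest, known_len, suffix):
    """Attacker knowing only H(m) and len(m): a finished digest is just the chaining
    value after the padded last block, so resume from it and hash m||glue||suffix
    without ever seeing m. Returns (glue, forged digest)."""
    glue = _padding(known_len)
    resumed = Midstate(struct.unpack(">8L", known_digest), known_len + len(glue))
    return glue, witness_supplies_midstate(resumed, [suffix])


if __name__ == "__main__":
    elements = [b"alice", b"\x00" * 70, b"bob"]          # constructed sample stack
    assert script_builds_midstate(elements) == cat_then_sha256(elements)
    secret = b"bytes the script never saw"                # constructed, unknown to attacker
    glue, forged = length_extension(hashlib.sha256(secret).digest(), len(secret), b"amount=100")
    assert forged == hashlib.sha256(secret + glue + b"amount=100").digest()
    print("stream == cat+sha256; a witness-supplied midstate commits to unseen bytes")
```

The two checks in the main block are the whole argument: when the script owns the midstate from <-1> to <-2>, the stream is byte-for-byte SHA256 of the concatenation, so OP_CAT plus OP_SHA256 computes the same commitment; when the midstate comes from the witness, the digest the script ends up comparing against <hash> can be a valid SHA-256 of a message whose prefix the script never saw, which is the "care" Peter refers to.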
Published at 2023-06-09 12:56:31
Event JSON
{
"id": "0edcc3c768decc6a9b564f7b01e9c8b8a9260c867dcf2c6515b974b053046b8f",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686315391,
"kind": 1,
"tags": [
[
"e",
"c5d8507cb01403cca52393e447a3bb6ef2b92cd8808850618c924b0bc2f035fb",
"",
"root"
],
[
"e",
"654649e5d24f8bc8867fea988cb2123a9d6b015f60d5185a7c1e92b5a5ee80d3",
"",
"reply"
],
[
"p",
"01f53a3166b3b23139201763777e070fcfed5555ad7555f7e90114c0c9e0e8b4"
]
],
"content": "š
Original date posted:2019-10-05\nš Original message:\nOn Fri, Oct 04, 2019 at 11:40:53AM -0700, Jeremy wrote:\n\u003e Interesting point.\n\u003e \n\u003e The script is under your control, so you should be able to ensure that you\n\u003e are always using a correctly constructed midstate, e.g., something like:\n\u003e \n\u003e scriptPubKey: \u003c-1\u003e OP_SHA256STREAM DEPTH OP_SHA256STREAM \u003c-2\u003e\n\u003e OP_SHA256STREAM\n\u003e \u003chash\u003e OP_EQUALVERIFY\n\u003e \n\u003e would hash all the elements on the stack and compare to a known hash.\n\u003e How is that sort of thing weak to midstateattacks?\n\nObviously with care you can get the computation right. But at that point what's\nthe actual advantage over OP_CAT?\n\nWe're limited by the size of the script anyway; if the OP_CAT output size limit\nis comparable to that for almost anything you could use SHA256STREAM on you\ncould just as easily use OP_CAT, followed by a single OP_SHA256.\n\n-- \nhttps://petertodd.org 'peter'[:-1]@petertodd.org\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 833 bytes\nDesc: not available\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20191005/213e4e81/attachment.sig\u003e",
"sig": "4b28d8f06012c8bd0af5ea0fd5677feee67bffdfac45634e6e4768577e12315115034a6df0fd36c6e421c30d528a9096b2cbddaa21dcd374b7bd2196fe5550c4"
}