Joseph Poon [ARCHIVE] on Nostr
📅 Original date posted: 2016-02-25
📝 Original message:
Hi Greg,

On Fri, Feb 26, 2016 at 01:32:34AM +0000, Gregory Maxwell wrote:
> I think to be successful we must be absolutely ruthless about changes
> that go in there beyond the absolute minimum needed for the safe
> deployment of segwit... so I think this should probably be constructed
> as a new segwit script type, and not a base feature.

Absolutely, I'd certainly be interested in this being the first
proof/example for the script upgrade mechanisms if it's not ideal for
this to be implemented as part of Segregated Witness itself.

> The reason for this is that if hardware wallets are forced to continue
> transferring input transactions to check fees or to use
> without-inputs, they may choose the latter and leave the users
> needlessly exposed to replay attacks.

Yes, I think it's necessary to include the fees as part of the
signature, which will also allow for wallets to not require downloading
the input transactions. However, it's necessary to not include the input
amount itself, as they may differ. SegWit itself is very nice in that it
prevents improperly designed wallets and services using the bitcoin RPC
from making mistakes, you can resolve malleability without compromises
-- I also think any proposed SIGHASH should ensure some measure of
safety from design error/shortcuts.

> The fact that without input commitments transactions are replayable is
> highly surprising to many developers... Personally, I'd even go so far
> as to name the flag SIGHASH_REPLAY_VULNERABLE. :)

That's a good point, choosing a scary name is probably very helpful.

Thanks, I'll clarify with a specific BIP soon.

--
Joseph Poon
Published at 2023-06-07 17:49:17
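
Added illustration, not part of the original e-mail or of any BIP: a toy signature digest showing the two properties discussed in the message above. Omitting the input outpoint makes one signature valid for any coin locked by the same script, and committing to the fee binds the signer to the fee it displayed without needing the input transactions. The serialization, field order and all sample values are constructed assumptions.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def toy_sighash(outpoint, script_code, outputs, fee, commit_outpoint, commit_fee):
    """Toy digest, NOT Bitcoin's real serialization or any BIP's.
    A signature covers exactly the fields hashed here and nothing else."""
    fields = [script_code]
    if commit_outpoint:
        txid, vout = outpoint
        fields.append(txid + struct.pack("<I", vout))
    for value, script_pubkey in outputs:
        fields.append(struct.pack("<q", value) + script_pubkey)
    if commit_fee:
        fields.append(struct.pack("<q", fee))
    # Length-prefix each field so the concatenation is unambiguous.
    return dsha256(b"".join(struct.pack("<H", len(f)) + f for f in fields))

# Constructed sample data: two coins paid to the same (reused) script.
SCRIPT = bytes.fromhex("76a914") + b"\x11" * 20 + bytes.fromhex("88ac")
COIN_A = (b"\xaa" * 32, 0)
COIN_B = (b"\xbb" * 32, 1)
OUTPUTS = [(40_000, bytes.fromhex("0014") + b"\x22" * 20)]

def replayable(commit_outpoint: bool) -> bool:
    """True if a signature made for COIN_A would also verify for COIN_B."""
    a = toy_sighash(COIN_A, SCRIPT, OUTPUTS, 1_000, commit_outpoint, True)
    b = toy_sighash(COIN_B, SCRIPT, OUTPUTS, 1_000, commit_outpoint, True)
    return a == b

def fee_lie_detected(commit_fee: bool) -> bool:
    """True if a signature made for the fee shown on the device
    fails for the transaction with the fee actually being paid."""
    shown = toy_sighash(COIN_A, SCRIPT, OUTPUTS, 1_000, False, commit_fee)
    actual = toy_sighash(COIN_A, SCRIPT, OUTPUTS, 30_000, False, commit_fee)
    return shown != actual

if __name__ == "__main__":
    print("replayable without outpoint: ", replayable(False))
    print("replayable with outpoint:    ", replayable(True))
    print("fee lie caught, fee signed:  ", fee_lie_detected(True))
    print("fee lie caught, fee unsigned:", fee_lie_detected(False))
```

Equal digests stand in for "the same signature verifies", since a signature is valid for every message that hashes to the digest it was made over.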