Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2015-01-21 📝 Original message:On Wed, Jan 21, 2015 at ...
📅 Original date posted:2015-01-21
📝 Original message:On Wed, Jan 21, 2015 at 2:29 PM, Douglas Roark <doug at bitcoinarmory.com> wrote:
> Nice paper, Pieter. I do have a bit of feedback.
Thanks for the comments. I hope I have clarified the text a bit accordingly.
> 1)The first sentence of "Deployment" has a typo. "We reuse the
> double-threshold switchover mechanism from BIP 34, with the same
> *thresholds*, [....]"
Fixed.
> 2)I think the handling of the sighash byte in the comments of
> IsDERSignature() could use a little tweaking. If you look at
> CheckSignatureEncoding() in the actual code (src/script/interpreter.cpp
> in master), it's clear that the sighash byte is included as part of the
> signature struct, even though it's not part of the actual DER encoding
> being checked by IsDERSignature(). This is fine. I just think that the
> code comments in the paper ought to make this point clearer, either in
> the sighash description, or as a comment when checking the sig size
> (i.e., size-3 is valid because sighash is included), or both.
I've renamed the function to IsValidSignatureEncoding, as it is not
strictly about DER (it adds a Bitcoin-specific byte, and supports and
empty string too).
> 3)The paper says a sig with size=0 is correctly coded but is neither
> valid nor DER. Perhaps this code should be elsewhere in the Bitcoin
> code? It seems to me that letting a sig pass in IsDERSignature() when
> it's not actually DER-encoded is incorrect.
I've expanded the comments about it a bit.
--
Pieter
Published at
2023-06-07 15:28:52Event JSON
{
"id": "317130143edb2f86797207f851e73287323bc73959f93ec74c3d82b5db1d9a76",
"pubkey": "5cb21bf5d7f25a9d46879713cbd32433bbc10e40ef813a3c28fe7355f49854d6",
"created_at": 1686151732,
"kind": 1,
"tags": [
[
"e",
"43498997aaf69cc28c108f60f2a0a9a1eeab544cf4e7f9ece35a133ac15cb4c1",
"",
"root"
],
[
"e",
"76a18a7fb7e7d22efcc9ddbfacfbbb4644d771da911200b1abfa172f536cb779",
"",
"reply"
],
[
"p",
"533e45ffeb94bc88c14af70b25994838170e7910c1273994b63bce468eac2230"
]
],
"content": "📅 Original date posted:2015-01-21\n📝 Original message:On Wed, Jan 21, 2015 at 2:29 PM, Douglas Roark \u003cdoug at bitcoinarmory.com\u003e wrote:\n\u003e Nice paper, Pieter. I do have a bit of feedback.\n\nThanks for the comments. I hope I have clarified the text a bit accordingly.\n\n\u003e 1)The first sentence of \"Deployment\" has a typo. \"We reuse the\n\u003e double-threshold switchover mechanism from BIP 34, with the same\n\u003e *thresholds*, [....]\"\n\nFixed.\n\n\u003e 2)I think the handling of the sighash byte in the comments of\n\u003e IsDERSignature() could use a little tweaking. If you look at\n\u003e CheckSignatureEncoding() in the actual code (src/script/interpreter.cpp\n\u003e in master), it's clear that the sighash byte is included as part of the\n\u003e signature struct, even though it's not part of the actual DER encoding\n\u003e being checked by IsDERSignature(). This is fine. I just think that the\n\u003e code comments in the paper ought to make this point clearer, either in\n\u003e the sighash description, or as a comment when checking the sig size\n\u003e (i.e., size-3 is valid because sighash is included), or both.\n\nI've renamed the function to IsValidSignatureEncoding, as it is not\nstrictly about DER (it adds a Bitcoin-specific byte, and supports and\nempty string too).\n\n\u003e 3)The paper says a sig with size=0 is correctly coded but is neither\n\u003e valid nor DER. Perhaps this code should be elsewhere in the Bitcoin\n\u003e code? It seems to me that letting a sig pass in IsDERSignature() when\n\u003e it's not actually DER-encoded is incorrect.\n\nI've expanded the comments about it a bit.\n\n-- \nPieter",
"sig": "9b557ecbdd5e038e67d7f9ac6906e9bbe0a9f3bc5ee1b9c753a95f3dada9f2b23e8086507170629a5d7de31c6d97faed88eaa54287cdc054e62ed19c25423063"
}