📅 Original date posted:2018-07-13
📝 Original message:the issues with sighash_noinput is this
1. you cannot prevent address-reuse. because bitcoin is a PUSH payment. meaning other people can send funds to one address without the owner of the key approval/refusal. thus luke cannot control address reuse if many people start spamming him donations.
2. for average users who would just 'autopilot' LN and only see the GUI. they will have no clue what transaction types and technicals are happening under the hood. also with LN being not validated by the community. a user creating a channel could tweak their own LN node to make their counterparty sign a sighash-noinput as a term/condition of the channel
this is also a risk for the under the hood raw tx risks where a tx can be signed but then allow the out's to alter value(using a different opcode). .. you know the premiss of allowing a counterpart to alter the outs value to vary so that they can control the broadcast fee at the time of broadcast to cover being acceptd onchain.. which can be abused by a counter party just editing it so A gets nothing and B gets it all..
3. by allowing certain things to change after signing. is infact bringing back malleability for those that use a TXID to identify a tx has been confirmed. as a TXID would change if values change.. just like how malleation abused old transactions by editing a tx without needing to re-sign a tx
________________________________
From: bitcoin-dev-bounces at lists.linuxfoundation.org <bitcoin-dev-bounces at lists.linuxfoundation.org> on behalf of Rusty Russell via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
Sent: 13 July 2018 00:04:14
To: DING FENG; Luke Dashjr
Cc: Bitcoin Protocol Discussion; lightning-dev at lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] [Lightning-dev] BIP sighash_noinput
DING FENG <dingfeng12345 at gmail.com> writes:
> Hi,
>
> I'm a junior developer and a bitcoin user.
> And I have read this thread carefully.
>
> I'm very worried about "SIGHASH_NOINPUT".
>
> Because "SIGHASH_NOINPUT" looks will be widely used, and it makes reuse
> address more dangerous.
No.
A wallet should *never* create a SIGHASH_NOINPUT to spend its own UTXOs.
SIGHASH_NOINPUT is useful for smart contracts which have unique
conditions, such as a pair of peers rotating keys according to an agreed
schedule (eg. lightning).
Cheers,
Rusty.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev at lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180713/62400699/attachment.html>;
fred savage [ARCHIVE] /
npub1d8…rr83s
2023-06-07 18:13:27
in reply to nevent1q…hnzh
Author Public Key
npub1d89lpeklcacchd9xrqx58x8zz7ep340q6gkdns22c3sc7apkv4xsqrr83sSeen on
wss://relay.nostr.bandPublished at
2023-06-07 18:13:27Event JSON
{
"id": "b52cdc445894909162eb92ebc6911e10b4944c93659a970f2da9fc6a91e315d8",
"pubkey": "69cbf0e6dfc7718bb4a6180d4398e217b218d5e0d22cd9c14ac4618f7436654d",
"created_at": 1686161607,
"kind": 1,
"tags": [
[
"e",
"9cfe46432c0fa07c164110c1acad44ea6d9df7a15d9bc858d6a0b516a4683320",
"",
"root"
],
[
"e",
"d26d5bbf7110a5988f9ca4484d40e85a34a5390ba7415746ffdd1b32ce8ee988",
"",
"reply"
],
[
"p",
"13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425"
]
],
"content": "📅 Original date posted:2018-07-13\n📝 Original message:the issues with sighash_noinput is this\n\n 1. you cannot prevent address-reuse. because bitcoin is a PUSH payment. meaning other people can send funds to one address without the owner of the key approval/refusal. thus luke cannot control address reuse if many people start spamming him donations.\n 2. for average users who would just 'autopilot' LN and only see the GUI. they will have no clue what transaction types and technicals are happening under the hood. also with LN being not validated by the community. a user creating a channel could tweak their own LN node to make their counterparty sign a sighash-noinput as a term/condition of the channel\nthis is also a risk for the under the hood raw tx risks where a tx can be signed but then allow the out's to alter value(using a different opcode). .. you know the premiss of allowing a counterpart to alter the outs value to vary so that they can control the broadcast fee at the time of broadcast to cover being acceptd onchain.. which can be abused by a counter party just editing it so A gets nothing and B gets it all..\n 3. by allowing certain things to change after signing. is infact bringing back malleability for those that use a TXID to identify a tx has been confirmed. as a TXID would change if values change.. just like how malleation abused old transactions by editing a tx without needing to re-sign a tx\n\n________________________________\nFrom: bitcoin-dev-bounces at lists.linuxfoundation.org \u003cbitcoin-dev-bounces at lists.linuxfoundation.org\u003e on behalf of Rusty Russell via bitcoin-dev \u003cbitcoin-dev at lists.linuxfoundation.org\u003e\nSent: 13 July 2018 00:04:14\nTo: DING FENG; Luke Dashjr\nCc: Bitcoin Protocol Discussion; lightning-dev at lists.linuxfoundation.org\nSubject: Re: [bitcoin-dev] [Lightning-dev] BIP sighash_noinput\n\nDING FENG \u003cdingfeng12345 at gmail.com\u003e writes:\n\u003e Hi,\n\u003e\n\u003e I'm a junior developer and a bitcoin user.\n\u003e And I have read this thread carefully.\n\u003e\n\u003e I'm very worried about \"SIGHASH_NOINPUT\".\n\u003e\n\u003e Because \"SIGHASH_NOINPUT\" looks will be widely used, and it makes reuse\n\u003e address more dangerous.\n\nNo.\n\nA wallet should *never* create a SIGHASH_NOINPUT to spend its own UTXOs.\nSIGHASH_NOINPUT is useful for smart contracts which have unique\nconditions, such as a pair of peers rotating keys according to an agreed\nschedule (eg. lightning).\n\nCheers,\nRusty.\n_______________________________________________\nbitcoin-dev mailing list\nbitcoin-dev at lists.linuxfoundation.org\nhttps://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180713/62400699/attachment.html\u003e",
"sig": "e7786012392ec693072d25d8971908e931ae49f19e4ef99949b1853b5449af5f271fc197bd8e8770b2af0b274a26aed2d2e5beed90e704befa22ebb5b389882d"
}