summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPieter Wuille <pieter.wuille@gmail.com>2019-02-08 16:39:54 -0800
committerbitcoindev <bitcoindev@gnusha.org>2019-02-09 00:40:19 +0000
commit20c98136f2cb0663359a644a22acb4eb9a87efd8 (patch)
tree2f24230d636eb85af20966bc6b3606cb190490e5
parentb0fe012bb42b5274013cbbe9c48f547311fb14f4 (diff)
downloadpi-bitcoindev-20c98136f2cb0663359a644a22acb4eb9a87efd8.tar.gz
pi-bitcoindev-20c98136f2cb0663359a644a22acb4eb9a87efd8.zip
Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT
-rw-r--r--fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d96
1 files changed, 96 insertions, 0 deletions
diff --git a/fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d b/fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d
new file mode 100644
index 000000000..2fff11dbd
--- /dev/null
+++ b/fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d
@@ -0,0 +1,96 @@
+Return-Path: <pieter.wuille@gmail.com>
+Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
+ [172.17.192.35])
+ by mail.linuxfoundation.org (Postfix) with ESMTPS id 1E6F7CA35
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Sat, 9 Feb 2019 00:40:19 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.7.6
+Received: from mail-ot1-f51.google.com (mail-ot1-f51.google.com
+ [209.85.210.51])
+ by smtp1.linuxfoundation.org (Postfix) with ESMTPS id ECF68F4
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Sat, 9 Feb 2019 00:40:17 +0000 (UTC)
+Received: by mail-ot1-f51.google.com with SMTP id n8so8928263otl.6
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Fri, 08 Feb 2019 16:40:17 -0800 (PST)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
+ h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
+ bh=6BM751ZipOw4G2SravIJPMnEotQlTAaRU1o5uccATPo=;
+ b=oDUnj6TONZ9ffyWbvV2IwMiafDgueu7/1xS08HuMz9n3mKcHFXFkcnJx0FQ3YE0EmI
+ lAnEZHV+qCK7hGlDAX9ntZOsdJDh5txvjJ5WmFUUTRdtSAXAEAhb/cs2+4HymKx+Pgt2
+ 2EJ3z7QTr12bvZL4fNqA0oZOpFWKrO7SaedL4xSexFvvCOMkKb3E4uxjJeCtcDrCpZcw
+ PTA1Umv2SmnyfzXE3GyCPQdPc93iTiiMGfO29HJAV5SuuN4Z9tSTsVaXVNd9RbqJhZ1r
+ EMF5u4BcMa3qTxyuqgbZ/ZRxKoOLvZ0LPbIg8zcCpj5aY8B3/sDaBmp9iCU2LpEaewxg
+ 3xvg==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20161025;
+ h=x-gm-message-state:mime-version:references:in-reply-to:from:date
+ :message-id:subject:to;
+ bh=6BM751ZipOw4G2SravIJPMnEotQlTAaRU1o5uccATPo=;
+ b=DyKbyqP7Z3f5oujraeECgZFgpesD46mCI0OuYRH8fpGG1XnjDIgEnueDwCyFW8URsY
+ 5WvLa37WOJ1hkxMLfkz11PQ8E3h8BlVfhwDF+VzptXyWrFHq6ACmgWQ2nm8Gs1f1q53f
+ FQxlzOt8JhdiPJ9mf1GFjAL4ZSsahPHtFKBYm0GzM2w+VXoauRVvyU/FJbh94b4Ojt3H
+ VAI82i1mawILLebLYd7+0AejZV/sVZ+qR5ft4jKYEmJv5NQPLcJW+0A87WS269LAScqb
+ VmHUlq1BeWeZ2i6/nN1a8Ze4zidq6lM21bWxJbr5Azelu1AnXi9Y83F2fr4wpDvRVmfb
+ fe1Q==
+X-Gm-Message-State: AHQUAubbThUjMALWcHep5bhzCm0xuSbHMuDZkBRVe7urOlEkKz1ydiW0
+ ZCIBDAzk+5rF3yKh1P+ZaJ1mDgL51bYlrtNOgvTxFg==
+X-Google-Smtp-Source: AHgI3Ibgyc87oOKmEEMy8DjgF7NXqSpNX7DpM7oPFTFijSLYkcaiGbZZCIVVz4qp2ObzG95TmYHjHtVjzeQTMim2fso=
+X-Received: by 2002:a9d:3a22:: with SMTP id j31mr15813229otc.238.1549672815868;
+ Fri, 08 Feb 2019 16:40:15 -0800 (PST)
+MIME-Version: 1.0
+References: <CAPg+sBhuPG-2GXc+Bp0yv5ywry2fk56LPLT4AY0Kcs+YEoz4FA@mail.gmail.com>
+ <87ftv3xerx.fsf@rustcorp.com.au>
+ <DAAB7568-A004-4897-B5B3-0FBBC6895246@xbt.hk>
+ <87pnu6s3v5.fsf@rustcorp.com.au> <87h8fiqn1z.fsf@rustcorp.com.au>
+ <20181214093002.p2nvfrlaycqblww3@erisian.com.au>
+ <8736qyhsej.fsf@rustcorp.com.au>
+ <6DE5291C-629D-4080-9B0C-E18BEFA28B16@xbt.hk>
+ <87efaenydd.fsf@rustcorp.com.au>
+In-Reply-To: <87efaenydd.fsf@rustcorp.com.au>
+From: Pieter Wuille <pieter.wuille@gmail.com>
+Date: Fri, 8 Feb 2019 16:39:54 -0800
+Message-ID: <CAPg+sBgWrvqbj9AXJxmtAiQ88GoMGHZMNkDBJ_-cBujYSA_FUQ@mail.gmail.com>
+To: Rusty Russell <rusty@rustcorp.com.au>,
+ Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: text/plain; charset="UTF-8"
+X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
+ DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
+ RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+ smtp1.linux-foundation.org
+X-Mailman-Approved-At: Sat, 09 Feb 2019 14:48:51 +0000
+Subject: Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.12
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Sat, 09 Feb 2019 00:40:19 -0000
+
+On Wed, 19 Dec 2018 at 18:06, Rusty Russell via bitcoin-dev
+<bitcoin-dev@lists.linuxfoundation.org> wrote:
+>
+> Meanwhile, both SIGHASH_NOINPUT and OP_MASK have the reuse-is-dangerous
+> property; with OP_MASK the danger is limited to reuse-on-the-same-script
+> (ie. if you use the same key for a non-lightning output and a lightning
+> output, you're safe with OP_MASK. However, this is far less likely in
+> practice).
+
+Having had some more time to consider this and seeing discussions
+about alternatives, I agree. It doesn't seem that OP_MASK protects
+against any likely failure modes. I do think that there are realistic
+risks around NOINPUT, but output tagging (as suggested in another ML
+thread) seems to match those much better than masking does.
+
+Cheers,
+
+--
+Pieter
+