diff options
author | Pieter Wuille <pieter.wuille@gmail.com> | 2019-02-08 16:39:54 -0800 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2019-02-09 00:40:19 +0000 |
commit | 20c98136f2cb0663359a644a22acb4eb9a87efd8 (patch) | |
tree | 2f24230d636eb85af20966bc6b3606cb190490e5 | |
parent | b0fe012bb42b5274013cbbe9c48f547311fb14f4 (diff) | |
download | pi-bitcoindev-20c98136f2cb0663359a644a22acb4eb9a87efd8.tar.gz pi-bitcoindev-20c98136f2cb0663359a644a22acb4eb9a87efd8.zip |
Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT
-rw-r--r-- | fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d b/fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d new file mode 100644 index 000000000..2fff11dbd --- /dev/null +++ b/fa/fe5f8221cfee4b988c2a9d914ca97d0606fe6d @@ -0,0 +1,96 @@ +Return-Path: <pieter.wuille@gmail.com> +Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org + [172.17.192.35]) + by mail.linuxfoundation.org (Postfix) with ESMTPS id 1E6F7CA35 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 9 Feb 2019 00:40:19 +0000 (UTC) +X-Greylist: whitelisted by SQLgrey-1.7.6 +Received: from mail-ot1-f51.google.com (mail-ot1-f51.google.com + [209.85.210.51]) + by smtp1.linuxfoundation.org (Postfix) with ESMTPS id ECF68F4 + for <bitcoin-dev@lists.linuxfoundation.org>; + Sat, 9 Feb 2019 00:40:17 +0000 (UTC) +Received: by mail-ot1-f51.google.com with SMTP id n8so8928263otl.6 + for <bitcoin-dev@lists.linuxfoundation.org>; + Fri, 08 Feb 2019 16:40:17 -0800 (PST) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; + h=mime-version:references:in-reply-to:from:date:message-id:subject:to; + bh=6BM751ZipOw4G2SravIJPMnEotQlTAaRU1o5uccATPo=; + b=oDUnj6TONZ9ffyWbvV2IwMiafDgueu7/1xS08HuMz9n3mKcHFXFkcnJx0FQ3YE0EmI + lAnEZHV+qCK7hGlDAX9ntZOsdJDh5txvjJ5WmFUUTRdtSAXAEAhb/cs2+4HymKx+Pgt2 + 2EJ3z7QTr12bvZL4fNqA0oZOpFWKrO7SaedL4xSexFvvCOMkKb3E4uxjJeCtcDrCpZcw + PTA1Umv2SmnyfzXE3GyCPQdPc93iTiiMGfO29HJAV5SuuN4Z9tSTsVaXVNd9RbqJhZ1r + EMF5u4BcMa3qTxyuqgbZ/ZRxKoOLvZ0LPbIg8zcCpj5aY8B3/sDaBmp9iCU2LpEaewxg + 3xvg== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20161025; + h=x-gm-message-state:mime-version:references:in-reply-to:from:date + :message-id:subject:to; + bh=6BM751ZipOw4G2SravIJPMnEotQlTAaRU1o5uccATPo=; + b=DyKbyqP7Z3f5oujraeECgZFgpesD46mCI0OuYRH8fpGG1XnjDIgEnueDwCyFW8URsY + 5WvLa37WOJ1hkxMLfkz11PQ8E3h8BlVfhwDF+VzptXyWrFHq6ACmgWQ2nm8Gs1f1q53f + FQxlzOt8JhdiPJ9mf1GFjAL4ZSsahPHtFKBYm0GzM2w+VXoauRVvyU/FJbh94b4Ojt3H + VAI82i1mawILLebLYd7+0AejZV/sVZ+qR5ft4jKYEmJv5NQPLcJW+0A87WS269LAScqb + VmHUlq1BeWeZ2i6/nN1a8Ze4zidq6lM21bWxJbr5Azelu1AnXi9Y83F2fr4wpDvRVmfb + fe1Q== +X-Gm-Message-State: AHQUAubbThUjMALWcHep5bhzCm0xuSbHMuDZkBRVe7urOlEkKz1ydiW0 + ZCIBDAzk+5rF3yKh1P+ZaJ1mDgL51bYlrtNOgvTxFg== +X-Google-Smtp-Source: AHgI3Ibgyc87oOKmEEMy8DjgF7NXqSpNX7DpM7oPFTFijSLYkcaiGbZZCIVVz4qp2ObzG95TmYHjHtVjzeQTMim2fso= +X-Received: by 2002:a9d:3a22:: with SMTP id j31mr15813229otc.238.1549672815868; + Fri, 08 Feb 2019 16:40:15 -0800 (PST) +MIME-Version: 1.0 +References: <CAPg+sBhuPG-2GXc+Bp0yv5ywry2fk56LPLT4AY0Kcs+YEoz4FA@mail.gmail.com> + <87ftv3xerx.fsf@rustcorp.com.au> + <DAAB7568-A004-4897-B5B3-0FBBC6895246@xbt.hk> + <87pnu6s3v5.fsf@rustcorp.com.au> <87h8fiqn1z.fsf@rustcorp.com.au> + <20181214093002.p2nvfrlaycqblww3@erisian.com.au> + <8736qyhsej.fsf@rustcorp.com.au> + <6DE5291C-629D-4080-9B0C-E18BEFA28B16@xbt.hk> + <87efaenydd.fsf@rustcorp.com.au> +In-Reply-To: <87efaenydd.fsf@rustcorp.com.au> +From: Pieter Wuille <pieter.wuille@gmail.com> +Date: Fri, 8 Feb 2019 16:39:54 -0800 +Message-ID: <CAPg+sBgWrvqbj9AXJxmtAiQ88GoMGHZMNkDBJ_-cBujYSA_FUQ@mail.gmail.com> +To: Rusty Russell <rusty@rustcorp.com.au>, + Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +Content-Type: text/plain; charset="UTF-8" +X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, + DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, + RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + smtp1.linux-foundation.org +X-Mailman-Approved-At: Sat, 09 Feb 2019 14:48:51 +0000 +Subject: Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.12 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Sat, 09 Feb 2019 00:40:19 -0000 + +On Wed, 19 Dec 2018 at 18:06, Rusty Russell via bitcoin-dev +<bitcoin-dev@lists.linuxfoundation.org> wrote: +> +> Meanwhile, both SIGHASH_NOINPUT and OP_MASK have the reuse-is-dangerous +> property; with OP_MASK the danger is limited to reuse-on-the-same-script +> (ie. if you use the same key for a non-lightning output and a lightning +> output, you're safe with OP_MASK. However, this is far less likely in +> practice). + +Having had some more time to consider this and seeing discussions +about alternatives, I agree. It doesn't seem that OP_MASK protects +against any likely failure modes. I do think that there are realistic +risks around NOINPUT, but output tagging (as suggested in another ML +thread) seems to match those much better than masking does. + +Cheers, + +-- +Pieter + |