Return-Path: <junderwood@bitcoinbank.co.jp>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 266CB3BBC
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  9 Jul 2019 15:59:09 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com
	[209.85.219.169])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A33F3881
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  9 Jul 2019 15:59:08 +0000 (UTC)
Received: by mail-yb1-f169.google.com with SMTP id f18so6013573ybr.10
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 09 Jul 2019 08:59:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=bitcoinbank.co.jp; s=google;
	h=mime-version:from:date:message-id:subject:to;
	bh=2awtmMfRRzcvD0lx6s5+0t5lAkgjwuyJBZ/nZl7kY20=;
	b=Ie7CSHRsRwEEWkijI0Ogs7cwIblvK5UK3Q8fsSQlR1R8Qpldy7a5xKtap0SRoySgEN
	dM+fJlEsTX5a1kl5kVkUzgLkVEl8AqAjdMFw84C4xydv0Uzsj2A+fKDVQEvMxT3Wl434
	dvi53DtZZ/VUaImMdENUKitNtEhmAwPIMkx7JWBt/UCUGNaCvLoSBHzcKwRUEPes3Zbr
	zNXhAiCuiQP+1XRBWg+AWui7smyA4rQfyQiAEaGPQWTTFYGcvqmBeMcoYXMCRSvi82l6
	6kImVl2tVGXyEIUIKma5gCh/W4Q/mLn5TyjgDAQj9VKgeX0cNON5wujGbegCOq1XXzCh
	d9XQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
	bh=2awtmMfRRzcvD0lx6s5+0t5lAkgjwuyJBZ/nZl7kY20=;
	b=tVNuVO9S5ejQSQuBHWSnsq1qxEdWlylZQ8gj5TI01QSXjMqjWGMwTcDKpSM5X55+ZG
	MHXPQOgyyCejX0yrmoHI9dIEdU2m5ZRx8eA47+ATlQKah5xWeb9TRZdfFOF50kYu0SJ4
	m8IQz3EkyQIjshKWw6kbcbZ3oxgvCWZRIf4IqALMDS8i/peSrC1MmfKKZFEkZVAd7Ty0
	BrHub1RaT47qvxaGwPPatJa+RAb+5thWFKBChRKrHx2MX+Dx6IKz/HyBpPoIMhli13tK
	zl5F2sAN6UfNS+oEG+FELrIbhW/YgvLKk6tJrjZbIHXKdWOovy6l/Dp/H26AZAvVykaJ
	JAsQ==
X-Gm-Message-State: APjAAAVadlX4miVm0qOUgpLprh7Gi7XJGUvzEpLLZ87fSPxMu/CDZfdL
	FfyFx60zEs+Xqp0fx+vtVCTTL1E8HEuXZYa/I1e74Jo=
X-Google-Smtp-Source: APXvYqwLOquOBLxI+bxJZGvehgp/+ETH2jchrPG1QYE+IOUybN/y292u8OINLpMja/vGUOzor4jyjQHneo0LBf+6H84=
X-Received: by 2002:a25:3fc4:: with SMTP id m187mr7066103yba.52.1562687947569; 
	Tue, 09 Jul 2019 08:59:07 -0700 (PDT)
MIME-Version: 1.0
From: Jonathan Underwood <junderwood@bitcoinbank.co.jp>
Date: Wed, 10 Jul 2019 00:58:56 +0900
Message-ID: <CAMpN3mLtKXoFerZnpM_qs-CS6fjJFzmPS5+Ri0j27YwRmqam-A@mail.gmail.com>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="00000000000002b1e1058d41a432"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 09 Jul 2019 18:49:26 +0000
Subject: [bitcoin-dev] BIP174 amendment proposal (Important Signer Check
	should be mentioned)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 15:59:09 -0000

--00000000000002b1e1058d41a432
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi all,

Just to be brief, I'll kick off with an attack scenario.

1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
according to the PSBT as-is.
2. I notice my UTXO was stolen by a hacker because they changed my PSBT
input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
fact they changed the outputs to send to themselves, and added an input
they signed with SIGHASH_ALL.
3. I lose the BTC in my UTXO.

So we should definitely add to the signer checks "ensure the sighash type
given is the type of sighash you want to sign." etc.

My proposal for a wording change would be addition to the bullet list:

- If a sighash type is provided, the signer MUST check that the sighash
type is acceptable to them, and fail signing if unacceptable.
- If a sighash type is not provided, the signer SHOULD sign using
SIGHASH_ALL, but may sign with any sighash type they wish.

Any thoughts?

Thanks,
Jon

--=20
-----------------
Jonathan Underwood
=E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE =E3=83=81=
=E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=
=82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC
-----------------

=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=E3=
=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=81=
=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=94=
=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82

=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3

--00000000000002b1e1058d41a432
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi all,<div><br></div><div>Just to be brief, I&#39;ll kick=
 off with an attack scenario.</div><div><br></div><div>1. I am a signer, I =
get a PSBT that is ready to sign. I parse. I sign according to the PSBT as-=
is.<br>2. I notice my UTXO was stolen by a hacker because they changed my P=
SBT input&#39;s sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and afte=
r the fact they changed the outputs to send to themselves, and added an inp=
ut they signed with SIGHASH_ALL.</div><div>3. I lose the BTC in my UTXO.</d=
iv><div><br></div><div>So we should definitely add to the signer checks &qu=
ot;ensure the sighash type given is the type of sighash you want to sign.&q=
uot; etc.</div><div><br></div><div>My proposal for a wording change would b=
e addition to the bullet list:</div><div><br></div><div>- If a sighash type=
 is provided, the signer MUST check that the sighash type is acceptable to =
them, and fail signing if unacceptable.</div><div>- If a sighash type is no=
t provided, the signer SHOULD sign using SIGHASH_ALL, but may sign with any=
 sighash type they wish.</div><div><br></div><div>Any thoughts?</div><div><=
br></div><div>Thanks,</div><div>Jon<br clear=3D"all"><div><br></div>-- <br>=
<div dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_signatur=
e"><div dir=3D"ltr"><div><div dir=3D"ltr"><div dir=3D"ltr"><div>-----------=
------<br></div><div>Jonathan Underwood</div><div>=E3=83=93=E3=83=83=E3=83=
=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE=E3=80=80=E3=83=81=E3=83=BC=E3=83=95=
=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=82=AA=E3=83=95=E3=
=82=A3=E3=82=B5=E3=83=BC</div><div>-----------------</div><div><br></div><d=
iv>=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=
=E3=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=
=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=
=94=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82</div><div><br></d=
iv><div>=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3</div=
></div></div></div></div></div></div></div>

--00000000000002b1e1058d41a432--