Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 0D117C002D for ; Sat, 7 May 2022 04:50:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 04113829AF for ; Sat, 7 May 2022 04:50:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (1024-bit key) header.d=gazeta.pl Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4Iwx3_z5IFoe for ; Sat, 7 May 2022 04:50:21 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from smtpo92.poczta.onet.pl (smtpo92.poczta.onet.pl [213.180.149.145]) by smtp1.osuosl.org (Postfix) with ESMTPS id B690882848 for ; Sat, 7 May 2022 04:50:20 +0000 (UTC) Received: from mta3.m5r2.onet (mta3.m5r2.onet [10.174.35.137]) by smtp.poczta.onet.pl (Onet) with ESMTP id 4KwFNh1yqpzlgBtL for ; Sat, 7 May 2022 06:50:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gazeta.pl; s=2013; t=1651899012; bh=dZ+ZPHt/5thfWlbPpH0W7XeiwO90x0K8yx77yxoXypg=; h=From:To:Subject:Date:From; b=bSxUGKQGh5TDIlgAlxm0lYkGEMIzQx1Co0zvO7S0ihYca4uk9ucFIDpYaDL6sjYXN u93brSVojFw5g5k1IvKhIPx0Z2iJG8pcjwhD1n1I1dK6+b4NPKwOvSPnT3QrqBgCA6 kM6RHkZ2EfWJ7SwEulkodXMAZ7Oqy9u+QAIBt9eY= Content-Type: text/plain; charset=utf-8 X-Mailer: onet.poczta X-Priority: 3 X-Onet-Pmq: ;5.173.233.66;PL;1 Received: from [5.173.233.66] by mta2.m5r2.onet with HTTP id 0809e15f2cfefe0b; Sat, 07 May 2022 06:50:12 +0200 From: vjudeu@gazeta.pl To: bitcoin-dev@lists.linuxfoundation.org Message-ID: <75be7180-709a-b735-a27b-50d0c6a2af5b@gazeta.pl> Content-Transfer-Encoding: quoted-printable Date: Sat, 07 May 2022 04:50:12 +0000 MIME-Version: 1.0 X-Mailman-Approved-At: Sat, 07 May 2022 08:54:25 +0000 Subject: [bitcoin-dev] Adding SIGHASH to TXID X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 May 2022 04:50:22 -0000 For now, we have txid:vout as a previous transaction output. This means = that to have a stable TXID, we are forced to use SIGHASH_ALL somewhere, = just to prevent any transaction modifications that can happen during adding= some inputs and outputs. But it seems that new sighashes could be far more= powerful than we expected: it is technically possible to not only remove = previous transaction output by using SIGHASH_ANYPREVOUT. We can do more and= do it better, we could decide, how to calculate this txid at all! So, something like SIGHASH_PREVOUT_NONE would be similar to SIGHASH_NONE = (applied to the previous transaction, taken from txid). To have = SIGHASH_ANYPREVOUT, we need to remove absolutely everything, I don't know = any such sighashes, because even SIGHASH_NONE | SIGHASH_ANYONECANPAY will = commit at least to some fields, for example to the locktime. But, if we = introduce SIGHASH_PREVOUT_XYZ flags for all existing sighashes, we would = have this: SIGHASH_PREVOUT_NONE SIGHASH_PREVOUT_SINGLE SIGHASH_PREVOUT_ALL SIGHASH_PREVOUT_ANYONECANPAY Then, the procedure is as follows: we use = txid:vout to find our previous transaction. Then, we apply those sighashes = to this previous transaction, to form a new txid, that will be checked = during every OP_CHECKSIG-based opcode. In this way, our txid:vout is used = just to do transaction lookup, after that, sighashes can be applied to the = previous transaction, so our txid could remain stable, even if someone will= add some inputs and outputs. By default, we could use SIGHASH_PREVOUT_ALL= , that would mean our txid:vout remains unchanged. Then, = SIGHASH_PREVOUT_SINGLE would obviously mean, that we want to commit only to= this particular previous transaction output. That would allow adding any = new outputs to the previous transaction, without affecting our replaced = txid, but also without blindly accepting any txid, because some data of the= previous transaction would be still hashed. Then, SIGHASH_PREVOUT_NONE is= an interesting case, because it would mean that no outputs of the previous= transaction are checked. But still, the inputs will be! That would mean: = "I don't care about in-between addresses, but I care that it was initiated = from these inputs". In this case, it is possible to choose some input = without those flags, and then apply SIGHASH_PREVOUT_NONE many times, to = make sure that everything started from that input, but everything = in-between can be anything. All of those three SIGHASH_PREVOUT_XYZ flags = could be combined with SIGHASH_PREVOUT_ANYONECANPAY. That would mean all = inputs of the previous transaction are discarded, except from the input = number matching "vout". Or we could just use SIGHASH_PREVOUT_ANY instead = and discard all inputs from that previous transaction, that could also be = combined with other sighashes. So, to sum up, by applying sighashes to the= previous transaction, instead of allowing for any transaction, we could = still have some control of our txid, and I think it could be better than = just saying "give me any txid, I will accept that". I think in most cases = we don't want to allow any txid: we want to only "control the flow", just = to make sure that our signatures will sign what we want and will not be = invalidated by changing some transaction inputs and outputs, unrelated to = the currently-checked signature.