1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
|
Return-Path: <junderwood@bitcoinbank.co.jp>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 354233AB6
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 9 Jul 2019 22:21:39 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yw1-f51.google.com (mail-yw1-f51.google.com
[209.85.161.51])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 9754C67F
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 9 Jul 2019 22:21:38 +0000 (UTC)
Received: by mail-yw1-f51.google.com with SMTP id z63so162112ywz.9
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 09 Jul 2019 15:21:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bitcoinbank.co.jp; s=google;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=8Wkyun53VyXSpbVZ931Xrl9vweizwIqS7Th1GxU6aFw=;
b=PCUl5CzAcVuUMpT0XmuzFAzDhUGCz4QE8JINQS1VLqGt+ZjDPpq+gtu6QHl4WdZ9zK
FTXjJ1MhyP7g2rNGBohjtpXK1HduyrMlF+aqkrF8Q0LAznd9pGPNKQVRzkcS73w+0pbO
5a46RTuggpfHGQQQujr236w/132CskX8VjiP2LX4uTZJn23bmgdAx152tfeFPuX3e6JJ
/Zds4gQjQMwCeVoWvgKVMTf0VfM+heCdcBWgPWvUpzCWQeG8b6Xssv62VOrExYuAe9ki
/SeG16IroAs2Zi82z6W+aU6n+20IR7pmJI9o3j8scPeMFDZ4fidbm85Wr5E+lDVf//sc
y21Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=8Wkyun53VyXSpbVZ931Xrl9vweizwIqS7Th1GxU6aFw=;
b=WGWnNOpW3ANU/K2vPMl0ZSb7wKy0azk34wJxhmHpY77l9YBedazqLOrC51gYBeEC1a
0ZSQEpa6WYii8G1acL5rcxyZfTnu1v4YSFdEDjzRrJQRlPNFTCaeRNF+9Y2G80zB1rsB
clLAZECBy+8oRAVBO5myAjwf4r56TXiPstnkKhEv6QXaLRNzThkrP/rp8B3YYKeYHJte
spA7TUpFocu1TZS0NsnuLz3moRYYE0fKiMb9PbuyTVlNHdbnFNA+OHan3BoAskFg96aL
TPbARy9jj/AycSKXzKzdiXjf5NMmPhPiewvS3DimL4DPwcgyND4ZVfaCREeC8SuXIYNS
gDfw==
X-Gm-Message-State: APjAAAX+kx7ZU9/Bz8bQOclsSbKwYv9OVvWYaYi53/FGRSYvBOrUwnOW
h6llidsK+BGCgqENTMTBXyFEf+DsosT6KieeEjoP
X-Google-Smtp-Source: APXvYqwGl0n/SJVQjTYdIDwxdPWo+nBhKmkrIjvhDLdRRZsvrStOMIC8039buSGUVUrjBMOSfibnRZ9k13lAeG5v6wM=
X-Received: by 2002:a81:5e44:: with SMTP id s65mr15543187ywb.441.1562710897555;
Tue, 09 Jul 2019 15:21:37 -0700 (PDT)
MIME-Version: 1.0
References: <CAMpN3mLtKXoFerZnpM_qs-CS6fjJFzmPS5+Ri0j27YwRmqam-A@mail.gmail.com>
<cimBiAqniTMJ06jVVlflC_H15_eDo7hDkdcwrxK84-4IBKJIFaKr2c6NJCev85v633R-xcGQ9w0csmQMF0Zzq6Zr83uj2gDB2oWS531MKaM=@achow101.com>
In-Reply-To: <cimBiAqniTMJ06jVVlflC_H15_eDo7hDkdcwrxK84-4IBKJIFaKr2c6NJCev85v633R-xcGQ9w0csmQMF0Zzq6Zr83uj2gDB2oWS531MKaM=@achow101.com>
From: Jonathan Underwood <junderwood@bitcoinbank.co.jp>
Date: Wed, 10 Jul 2019 07:21:25 +0900
Message-ID: <CAMpN3mJ1qz0XZjHqBzEYNVe0d+YXV18VtMsxqn4D5gt45diZdg@mail.gmail.com>
To: Andrew Chow <achow101-lists@achow101.com>
Content-Type: multipart/alternative; boundary="000000000000ef94e9058d46fbbf"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 10 Jul 2019 05:16:23 +0000
Cc: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP174 amendment proposal (Important Signer Check
should be mentioned)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 22:21:39 -0000
--000000000000ef94e9058d46fbbf
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi Andrew,
Ok, I will go ahead and write the amendment and make a PR.
Thanks!
Jon
2019=E5=B9=B47=E6=9C=8810=E6=97=A5(=E6=B0=B4) 5:26 Andrew Chow <achow101-li=
sts@achow101.com>:
> This was the original intent of the sighash field. Either the sighash is
> acceptable to the signer and the signer signs with it, or they do not sig=
n
> at all.
>
> On 7/9/19 11:58 AM, Jonathan Underwood via bitcoin-dev wrote:
>
> Hi all,
>
> Just to be brief, I'll kick off with an attack scenario.
>
> 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
> according to the PSBT as-is.
> 2. I notice my UTXO was stolen by a hacker because they changed my PSBT
> input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
> fact they changed the outputs to send to themselves, and added an input
> they signed with SIGHASH_ALL.
> 3. I lose the BTC in my UTXO.
>
> So we should definitely add to the signer checks "ensure the sighash type
> given is the type of sighash you want to sign." etc.
>
> My proposal for a wording change would be addition to the bullet list:
>
> - If a sighash type is provided, the signer MUST check that the sighash
> type is acceptable to them, and fail signing if unacceptable.
> - If a sighash type is not provided, the signer SHOULD sign using
> SIGHASH_ALL, but may sign with any sighash type they wish.
>
> Any thoughts?
>
> Thanks,
> Jon
>
> --
> -----------------
> Jonathan Underwood
> =E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE =E3=83=81=
=E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=
=82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC
> -----------------
>
> =E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=
=E3=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=
=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=
=94=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82
>
> =E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
>
>
>
--000000000000ef94e9058d46fbbf
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"auto">Hi Andrew,<div dir=3D"auto"><br></div><div dir=3D"auto">O=
k, I will go ahead and write the amendment and make a PR.</div><div dir=3D"=
auto"><br></div><div dir=3D"auto">Thanks!</div><div dir=3D"auto">Jon</div><=
/div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">2=
019=E5=B9=B47=E6=9C=8810=E6=97=A5(=E6=B0=B4) 5:26 Andrew Chow <<a href=
=3D"mailto:achow101-lists@achow101.com">achow101-lists@achow101.com</a>>=
:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bor=
der-left:1px #ccc solid;padding-left:1ex"><div>
<font size=3D"-1">This was the original intent of the sighash field.
Either the sighash is acceptable to the signer and the signer
signs with it, or they do not sign at all.</font><br>
<br>
<div class=3D"m_-427630123853646621moz-cite-prefix">On 7/9/19 11:58 AM,=
Jonathan Underwood
via bitcoin-dev wrote:<br>
</div>
<blockquote type=3D"cite">
=20
<div dir=3D"ltr">Hi all,
<div><br>
</div>
<div>Just to be brief, I'll kick off with an attack scenario.</=
div>
<div><br>
</div>
<div>1. I am a signer, I get a PSBT that is ready to sign. I
parse. I sign according to the PSBT as-is.<br>
2. I notice my UTXO was stolen by a hacker because they
changed my PSBT input's sighashtype to SIGHASH_ANYONECANPAY |
SIGHASH_NONE and after the fact they changed the outputs to
send to themselves, and added an input they signed with
SIGHASH_ALL.</div>
<div>3. I lose the BTC in my UTXO.</div>
<div><br>
</div>
<div>So we should definitely add to the signer checks "ensure
the sighash type given is the type of sighash you want to
sign." etc.</div>
<div><br>
</div>
<div>My proposal for a wording change would be addition to the
bullet list:</div>
<div><br>
</div>
<div>- If a sighash type is provided, the signer MUST check that
the sighash type is acceptable to them, and fail signing if
unacceptable.</div>
<div>- If a sighash type is not provided, the signer SHOULD sign
using SIGHASH_ALL, but may sign with any sighash type they
wish.</div>
<div><br>
</div>
<div>Any thoughts?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Jon<br clear=3D"all">
<div><br>
</div>
-- <br>
<div dir=3D"ltr" class=3D"m_-427630123853646621gmail_signature" d=
ata-smartmail=3D"gmail_signature">
<div dir=3D"ltr">
<div>
<div dir=3D"ltr">
<div dir=3D"ltr">
<div>-----------------<br>
</div>
<div>Jonathan Underwood</div>
<div>=E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=
=82=AF=E7=A4=BE=E3=80=80=E3=83=81=E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=
=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC=
</div>
<div>-----------------</div>
<div><br>
</div>
<div>=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=
=83=A1=E3=83=83=E3=82=BB=E3=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=
=8A=E3=81=AE=E6=96=B9=E3=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=
=E9=8D=B5=E3=82=92=E3=81=94=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=
=80=82</div>
<div><br>
</div>
<div>=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998=
682F3590FEA3</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
=20
</div></blockquote></div>
--000000000000ef94e9058d46fbbf--
|
