1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
Return-Path: <decker.christian@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id CDFF2F5A;
Tue, 3 Jul 2018 12:05:20 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm0-f66.google.com (mail-wm0-f66.google.com [74.125.82.66])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 80400704;
Tue, 3 Jul 2018 12:05:19 +0000 (UTC)
Received: by mail-wm0-f66.google.com with SMTP id b188-v6so2065344wme.3;
Tue, 03 Jul 2018 05:05:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:cc:subject:in-reply-to:references:date:message-id
:mime-version; bh=MZCi9zgt/kcTVzWqq7yQdSri+MjCYuTfgb+O1kkYH1Y=;
b=Q7PB9+qVj7YWAD7/jQ+JUoAF0VDnm6BErM3zSGW5j3koxsZBt2UTSxF8ZsI0rZAO1u
4irFkA+YI/ymZ2czUwBxiJ5ULvZYbgzv2NIAbyOubwEEHGBKYiBJP8w7kaAIK8fk69Tp
iNsetEGcrug4eMVj35bQnF5uyJPmbJc4iAeTwyN39cw0A1qtdv3gJIeqDtqHtCBj0ZEU
bLekaoOqyWMpRBTsEo8FjdHVwU8JxLuWoyJDvoSjQ6ebYcyAG73gBK8tOGb85EZc36W1
3wGZlHTsUFkPQOKCLsIw9ORkbIk1+KeD6E1B9C8du6gfw0hXZDQUGN0JqueSlI987mXT
QOOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
:message-id:mime-version;
bh=MZCi9zgt/kcTVzWqq7yQdSri+MjCYuTfgb+O1kkYH1Y=;
b=d5SHh+ZD1uvTElROmnSMFEq4JLvg6/S0C+poFQ9YnY4HMFZG8iQbru2cNFTYaP7ecV
DLMZxFYCMk9ftV+lm1q/h+2RcC3h3BLkuJt/xYtTqiKF/TDrWZGEqqcAqHLGvilCyWzd
j9CV6gXTBGt7GIgoItAuubofijCZ6SoCKC10Jc4WJKcjL01vqhuoBbT4LXIosscr22nm
mSPrs1KqLNusM4QWdZ1SxJRv6/urPd6liObU45uKQdaywPxLU3okaUsx/ou95V2BlsIR
dLwqRs39oTtiqqI0t1b3tyBy3wRt2mphiejDp3t9OODR+jFB3N96MX8AtOMitoNL8rkU
8hDg==
X-Gm-Message-State: APt69E2V57d7B4LsUkqs83PyS/UXJ+fMyvZzfgy8psOcdG0pWPFKoSB4
TvSQ/Zi8TOX1V0ATB0OAW1c=
X-Google-Smtp-Source: AAOMgpf5rNwSYUwD0Q2OZZAKVP5p9xlcAYbX44uI/NpJWCWH3s7ky1a35dh18M/ve3vhm/Uwm2425Q==
X-Received: by 2002:a1c:3c4:: with SMTP id 187-v6mr9984828wmd.96.1530619518108;
Tue, 03 Jul 2018 05:05:18 -0700 (PDT)
Received: from localhost ([89.180.169.210]) by smtp.gmail.com with ESMTPSA id
125-v6sm2267476wmw.9.2018.07.03.05.05.16
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 03 Jul 2018 05:05:16 -0700 (PDT)
From: Christian Decker <decker.christian@gmail.com>
To: Gregory Maxwell <greg@xiph.org>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
In-Reply-To: <CAAS2fgS-_D7aBcDf_nAbuREBxv65zYMr60-1YqCnx-esvRVfEg@mail.gmail.com>
References: <871sewirni.fsf@gmail.com>
<CAAS2fgS-_D7aBcDf_nAbuREBxv65zYMr60-1YqCnx-esvRVfEg@mail.gmail.com>
Date: Tue, 03 Jul 2018 14:05:09 +0200
Message-ID: <871sckjzii.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: lightning-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] BIP sighash_noinput
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 12:05:20 -0000
Gregory Maxwell <greg@xiph.org> writes:
> I know it seems kind of silly, but I think it's somewhat important
> that the formal name of this flag is something like
> "SIGHASH_REPLAY_VULNERABLE" or likewise or at least
> "SIGHASH_WEAK_REPLAYABLE". This is because noinput is materially
> insecure for traditional applications where a third party might pay to
> an address a second time, and should only be used in special protocols
> which make that kind of mistake unlikely. Otherwise, I'm worried
> that wallets might start using this sighash because it simplifies
> handling malleability without realizing that when a third party reuses
> a script pubkey, completely outside of control of the wallet that uses
> the flag, funds will be lost as soon as a troublemaker shows up (but
> not, sadly, in testing). This sort of risk is magnified because the
> third party address reuser has no way to know that this sighash flag
> has (or will) be used with a particular scriptpubkey.
Absolutely agree that we should be signaling the danger of using noinput
as clearly as possible to developers, and I'm more than happy to adopt
the _unsafe suffix suggested by jb55. I think using non-sighash_all
sighashes is always a huge danger, as you have correctly pointed out, so
maybe we should be marking all of them as being unsafe, or make sure to
communicate that danger on a higher level (docs).
|
