1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
Return-Path: <joseph@lightning.network>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id D67E2D73
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 Feb 2016 01:48:49 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pa0-f45.google.com (mail-pa0-f45.google.com
[209.85.220.45])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 7A014141
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 Feb 2016 01:48:49 +0000 (UTC)
Received: by mail-pa0-f45.google.com with SMTP id fy10so41858982pac.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 25 Feb 2016 17:48:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=lightning.network; s=google;
h=date:from:to:cc:subject:message-id:references:mime-version
:content-type:content-disposition:in-reply-to;
bh=ra2nZ9Ke0ljPOH/BbwYpRRBqjLmtPmJcwWHATWByWds=;
b=aL+5/ovq0aWIP+1bT3mxd88aReFI8TFRoyJ1yuCEwSfSIL8mySqpQo5ujW9zRH3+Ra
L8fwESavjBs+mBDmqLZemUjjLYm3DYomC7ppKs5Bh1hkXn1DdlAzziRQ/cZDFYgTO7Hu
B/qHO4/NUFutwUPzclX49Hw7cV8hrV02CvKSE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:date:from:to:cc:subject:message-id:references
:mime-version:content-type:content-disposition:in-reply-to;
bh=ra2nZ9Ke0ljPOH/BbwYpRRBqjLmtPmJcwWHATWByWds=;
b=P9pMrTvPMYPpP2TB2f5liPupPlpmvIMp54YAmC7T8ojH9rTzDCieu1jsKDUKo0yC9P
bFqW2N5iByytQnEw2zhCSmOfL+C9KhNnvEcX9RfHRAlI3IxcAM6acrkkXh8BzA5qE/g5
+SxnKV6sjGnjPZoDUZ+g84COwwfWw3gsovhA3uzvfnp5MrAJhOLxlYYf5W6pG99Yr9qQ
bAlh+i+xtpwTWccu9toy8GK9gJnQfwrZ0cyU30nXg3L1ZJ5bVCrlO7hl57rv5+ghy7lF
4uWtImSHemeOcswF8U/iW4x2LKmHph4kRqVTtaP/G/F5yrUo+t9CgXV1HBQvAC8gVKoY
2icA==
X-Gm-Message-State: AG10YOTBm9HpZeAsiCjwRDXdeYkVk/Zf+8JXSu9HvELpvhHXxy8fB9VEPkKNBaXqZgYO1A==
X-Received: by 10.66.231.100 with SMTP id tf4mr67879898pac.44.1456451329198;
Thu, 25 Feb 2016 17:48:49 -0800 (PST)
Received: from localhost ([2605:6400:20:11aa:189e:28a5:52ed:8948])
by smtp.gmail.com with ESMTPSA id e1sm14937322pas.1.2016.02.25.17.48.48
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 25 Feb 2016 17:48:48 -0800 (PST)
Date: Thu, 25 Feb 2016 17:48:07 -0800
From: Joseph Poon <joseph@lightning.network>
To: Gregory Maxwell <greg@xiph.org>
Message-ID: <20160226014807.GA23810@lightning.network>
References: <20160226010746.GB10295@lightning.network>
<CAAS2fgTphe5T8EBtz0xKRpRuLaO0P=3WeW2d1WD6b4Ark79rMQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAAS2fgTphe5T8EBtz0xKRpRuLaO0P=3WeW2d1WD6b4Ark79rMQ@mail.gmail.com>
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 26 Feb 2016 03:13:08 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] SIGHASH_NOINPUT in Segregated Witness
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2016 01:48:50 -0000
Hi Greg,
On Fri, Feb 26, 2016 at 01:32:34AM +0000, Gregory Maxwell wrote:
> I think to be successful we must be absolutely ruthless about changes
> that go in there beyond the absolute minimum needed for the safe
> deployment of segwit... so I think this should probably be constructed
> as a new segwit script type, and not a base feature.
Absolutely, I'd certainly be interested in this being the first
proof/example for the script upgrade mechanisms if it's not ideal for
this to be implemented as part of Segregated Witness itself.
> The reason for this is that if hardware wallets are forced to continue
> transferring input transactions to check fees or to use
> without-inputs, they may choose the latter and leave the users
> needlessly exposed to replay attacks.
Yes, I think it's necessary to include the fees as part of the
signature, which will also allow for wallets to not require downloading
the input transactions. However, it's necessary to not include the input
amount itself, as they may differ. SegWit itself is very nice in that it
prevents improperly designed wallets and services using the bitcoin RPC
from making mistakes, you can resolve malleability without compromises
-- I also think any proposed SIGHASH should ensure some measure of
safety from design error/shortcuts.
> The fact that without input commitments transactions are replayable is
> highly surprising to many developers... Personally, I'd even go so far
> as to name the flag SIGHASH_REPLAY_VULNERABLE. :)
That's a good point, choosing a scary name is probably very helpful.
Thanks, I'll clarify with a specific BIP soon.
--
Joseph Poon
|
