Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YgDiF-00054d-Gz for bitcoin-development@lists.sourceforge.net; Thu, 09 Apr 2015 14:45:47 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 74.125.82.53 as permitted sender) client-ip=74.125.82.53; envelope-from=mh.in.england@gmail.com; helo=mail-wg0-f53.google.com; Received: from mail-wg0-f53.google.com ([74.125.82.53]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YgDi9-0000gZ-JP for bitcoin-development@lists.sourceforge.net; Thu, 09 Apr 2015 14:45:47 +0000 Received: by wgsk9 with SMTP id k9so100170345wgs.3 for ; Thu, 09 Apr 2015 07:45:35 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.180.14.67 with SMTP id n3mr6675842wic.92.1428590735566; Thu, 09 Apr 2015 07:45:35 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.194.188.11 with HTTP; Thu, 9 Apr 2015 07:45:35 -0700 (PDT) In-Reply-To: References: Date: Thu, 9 Apr 2015 16:45:35 +0200 X-Google-Sender-Auth: H02KiD_ML1IaO4ql0MOQzk_RKlw Message-ID: From: Mike Hearn To: Stephen Morse Content-Type: multipart/alternative; boundary=f46d04138cd552ae0805134bb3d7 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YgDi9-0000gZ-JP Cc: bitcoin-development Subject: Re: [Bitcoin-development] Build your own nHashType X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Apr 2015 14:45:47 -0000 --f46d04138cd552ae0805134bb3d7 Content-Type: text/plain; charset=UTF-8 > > I don't think it's quite a blank check, but it would enable replay attacks > in the form of sending the money to the same place it was sent before if an > address ever receives coins again. > Right, good point. I wonder if this sort of auto forwarding could even be a useful feature. I can't think of one right now. > It's hard, though, because there is different data needs to be signed for > each input. > Yes but is that fundamental or is there a way to avoid it? That's what I'm getting at. > Another possibility would be to put the previous scriptPubKey and previous > output value at the END of the serialized transaction, so that you could > make use of some sort of a signature hash midstate. > Interesting idea! I don't agree it's messy. If anything it should be simpler than what we have today - the need to edit a transaction *in the middle* means that sighash computation involves constantly reserializing a transaction before it even gets to be hashed. > Is hashing transaction data once for each input really a huge bottleneck, > though? Do mobile devices have an issue with this? > Consider what happens with very large transactions, like a big assurance contract that might have thousands of inputs and be multiple megabytes in size. Obviously such large transactions cannot happen today, but there is user demand for giant contracts (or at least, users tell me there is, whether they'd actually do it for real is a bit unclear). --f46d04138cd552ae0805134bb3d7 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I don't think it's quite a blank check,= but it would enable replay attacks in the form of sending the money to the= same place it was sent before if an address ever receives coins again.

Right, good point. I = wonder if this sort of auto forwarding could even be a useful feature. I ca= n't think of one right now.
=C2=A0
It's hard, though, because there is different data needs to = be signed for each input.

Yes but is that fundamental or is there a way to avoid it? That'= ;s what I'm getting at.
=C2=A0
Another possibility would be to put the previous scriptPubKey and pr= evious output value at the END of the serialized transaction, so that you c= ould make use of some sort of a signature hash midstate.
=

Interesting idea! I don't agree = it's messy. If anything it should be simpler than what we have today - = the need to edit a transaction in the middle=C2=A0means that sighash= computation involves constantly reserializing a transaction before it even= gets to be hashed.
=C2=A0
I= s hashing transaction data once for each input really a huge bottleneck, th= ough? Do mobile devices have an issue with this?

Consider what happens with very large transac= tions, like a big assurance contract that might have thousands of inputs an= d be multiple megabytes in size. Obviously such large transactions cannot h= appen today, but there is user demand for giant contracts (or at least, use= rs tell me there is, whether they'd actually do it for real is a bit un= clear).
--f46d04138cd552ae0805134bb3d7--