1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
Return-Path: <junderwood@bitcoinbank.co.jp>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 266CB3BBC
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 9 Jul 2019 15:59:09 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com
[209.85.219.169])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A33F3881
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 9 Jul 2019 15:59:08 +0000 (UTC)
Received: by mail-yb1-f169.google.com with SMTP id f18so6013573ybr.10
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 09 Jul 2019 08:59:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bitcoinbank.co.jp; s=google;
h=mime-version:from:date:message-id:subject:to;
bh=2awtmMfRRzcvD0lx6s5+0t5lAkgjwuyJBZ/nZl7kY20=;
b=Ie7CSHRsRwEEWkijI0Ogs7cwIblvK5UK3Q8fsSQlR1R8Qpldy7a5xKtap0SRoySgEN
dM+fJlEsTX5a1kl5kVkUzgLkVEl8AqAjdMFw84C4xydv0Uzsj2A+fKDVQEvMxT3Wl434
dvi53DtZZ/VUaImMdENUKitNtEhmAwPIMkx7JWBt/UCUGNaCvLoSBHzcKwRUEPes3Zbr
zNXhAiCuiQP+1XRBWg+AWui7smyA4rQfyQiAEaGPQWTTFYGcvqmBeMcoYXMCRSvi82l6
6kImVl2tVGXyEIUIKma5gCh/W4Q/mLn5TyjgDAQj9VKgeX0cNON5wujGbegCOq1XXzCh
d9XQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=2awtmMfRRzcvD0lx6s5+0t5lAkgjwuyJBZ/nZl7kY20=;
b=tVNuVO9S5ejQSQuBHWSnsq1qxEdWlylZQ8gj5TI01QSXjMqjWGMwTcDKpSM5X55+ZG
MHXPQOgyyCejX0yrmoHI9dIEdU2m5ZRx8eA47+ATlQKah5xWeb9TRZdfFOF50kYu0SJ4
m8IQz3EkyQIjshKWw6kbcbZ3oxgvCWZRIf4IqALMDS8i/peSrC1MmfKKZFEkZVAd7Ty0
BrHub1RaT47qvxaGwPPatJa+RAb+5thWFKBChRKrHx2MX+Dx6IKz/HyBpPoIMhli13tK
zl5F2sAN6UfNS+oEG+FELrIbhW/YgvLKk6tJrjZbIHXKdWOovy6l/Dp/H26AZAvVykaJ
JAsQ==
X-Gm-Message-State: APjAAAVadlX4miVm0qOUgpLprh7Gi7XJGUvzEpLLZ87fSPxMu/CDZfdL
FfyFx60zEs+Xqp0fx+vtVCTTL1E8HEuXZYa/I1e74Jo=
X-Google-Smtp-Source: APXvYqwLOquOBLxI+bxJZGvehgp/+ETH2jchrPG1QYE+IOUybN/y292u8OINLpMja/vGUOzor4jyjQHneo0LBf+6H84=
X-Received: by 2002:a25:3fc4:: with SMTP id m187mr7066103yba.52.1562687947569;
Tue, 09 Jul 2019 08:59:07 -0700 (PDT)
MIME-Version: 1.0
From: Jonathan Underwood <junderwood@bitcoinbank.co.jp>
Date: Wed, 10 Jul 2019 00:58:56 +0900
Message-ID: <CAMpN3mLtKXoFerZnpM_qs-CS6fjJFzmPS5+Ri0j27YwRmqam-A@mail.gmail.com>
To: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="00000000000002b1e1058d41a432"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 09 Jul 2019 18:49:26 +0000
Subject: [bitcoin-dev] BIP174 amendment proposal (Important Signer Check
should be mentioned)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 15:59:09 -0000
--00000000000002b1e1058d41a432
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi all,
Just to be brief, I'll kick off with an attack scenario.
1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
according to the PSBT as-is.
2. I notice my UTXO was stolen by a hacker because they changed my PSBT
input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
fact they changed the outputs to send to themselves, and added an input
they signed with SIGHASH_ALL.
3. I lose the BTC in my UTXO.
So we should definitely add to the signer checks "ensure the sighash type
given is the type of sighash you want to sign." etc.
My proposal for a wording change would be addition to the bullet list:
- If a sighash type is provided, the signer MUST check that the sighash
type is acceptable to them, and fail signing if unacceptable.
- If a sighash type is not provided, the signer SHOULD sign using
SIGHASH_ALL, but may sign with any sighash type they wish.
Any thoughts?
Thanks,
Jon
--=20
-----------------
Jonathan Underwood
=E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE =E3=83=81=
=E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=
=82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC
-----------------
=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=E3=
=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=81=
=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=94=
=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82
=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
--00000000000002b1e1058d41a432
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi all,<div><br></div><div>Just to be brief, I'll kick=
off with an attack scenario.</div><div><br></div><div>1. I am a signer, I =
get a PSBT that is ready to sign. I parse. I sign according to the PSBT as-=
is.<br>2. I notice my UTXO was stolen by a hacker because they changed my P=
SBT input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and afte=
r the fact they changed the outputs to send to themselves, and added an inp=
ut they signed with SIGHASH_ALL.</div><div>3. I lose the BTC in my UTXO.</d=
iv><div><br></div><div>So we should definitely add to the signer checks &qu=
ot;ensure the sighash type given is the type of sighash you want to sign.&q=
uot; etc.</div><div><br></div><div>My proposal for a wording change would b=
e addition to the bullet list:</div><div><br></div><div>- If a sighash type=
is provided, the signer MUST check that the sighash type is acceptable to =
them, and fail signing if unacceptable.</div><div>- If a sighash type is no=
t provided, the signer SHOULD sign using SIGHASH_ALL, but may sign with any=
sighash type they wish.</div><div><br></div><div>Any thoughts?</div><div><=
br></div><div>Thanks,</div><div>Jon<br clear=3D"all"><div><br></div>-- <br>=
<div dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_signatur=
e"><div dir=3D"ltr"><div><div dir=3D"ltr"><div dir=3D"ltr"><div>-----------=
------<br></div><div>Jonathan Underwood</div><div>=E3=83=93=E3=83=83=E3=83=
=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE=E3=80=80=E3=83=81=E3=83=BC=E3=83=95=
=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=82=AA=E3=83=95=E3=
=82=A3=E3=82=B5=E3=83=BC</div><div>-----------------</div><div><br></div><d=
iv>=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=
=E3=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=
=81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=
=94=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82</div><div><br></d=
iv><div>=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3</div=
></div></div></div></div></div></div></div>
--00000000000002b1e1058d41a432--
|
