From pete at petertodd.org Sat Oct 5 15:49:02 2019
From: pete at petertodd.org (Peter Todd)
Date: Sat, 5 Oct 2019 11:49:02 -0400
Subject: [Lightning-dev] [bitcoin-dev] OP_CAT was Re: Continuing the discussion about noinput / anyprevout
In-Reply-To:
References: <87wodp7w9f.fsf@gmail.com> <20191001155929.e2yznsetqesx2jxo@erisian.com.au> <20191004111536.w7snbgpoe27xutfu@petertodd.org>
Message-ID: <20191005154902.ck236q65xha25ore@petertodd.org>

On Fri, Oct 04, 2019 at 11:40:53AM -0700, Jeremy wrote:
> Interesting point.
>
> The script is under your control, so you should be able to ensure that you
> are always using a correctly constructed midstate, e.g., something like:
>
> scriptPubKey: <-1> OP_SHA256STREAM DEPTH OP_SHA256STREAM <-2>
> OP_SHA256STREAM
> OP_EQUALVERIFY
>
> would hash all the elements on the stack and compare to a known hash.
> How is that sort of thing weak to midstate attacks?

Obviously with care you can get the computation right. But at that point
what's the actual advantage over OP_CAT? We're limited by the size of the
script anyway; if the OP_CAT output size limit is comparable to that for
almost anything you could use SHA256STREAM on you could just as easily use
OP_CAT, followed by a single OP_SHA256.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
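The following Python is an added illustration of the two points in this exchange, not code from the thread or from any Bitcoin implementation. It assumes OP_SHA256STREAM simply absorbs bytes into a running SHA-256 state; `hash_stack_stream` (script-controlled stream from the fixed IV) and `hash_stack_cat` (OP_CAT then one OP_SHA256) are hypothetical names and produce the same digest, while `length_extend` uses a minimal SHA-256 with an explicit midstate to show why a midstate the script does not construct itself (e.g. one taken from the witness) is unsafe: any published digest is itself a usable midstate.

```python
import hashlib
import struct

# SHA-256 constants (FIPS 180-4): fractional bits of cube/square roots of the first primes.
_PRIMES = [p for p in range(2, 312) if all(p % q for q in range(2, p))]
_K = [int((p ** (1 / 3) % 1) * 2 ** 32) for p in _PRIMES]
IV = [int((p ** 0.5 % 1) * 2 ** 32) for p in _PRIMES[:8]]  # fixed initial state
_M = 0xFFFFFFFF

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & _M

def _compress(state, block):
    # One SHA-256 compression: absorb a 64-byte block into the 8-word state.
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & _M)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + _K[i] + w[i]) & _M
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & _M
        a, b, c, d, e, f, g, h = (t1 + t2) & _M, a, b, c, (d + t1) & _M, e, f, g
    return [(x + y) & _M for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def _pad(total_len):
    # Merkle-Damgard padding for a message of total_len bytes.
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)

def sha256_from_midstate(state, data, already_hashed):
    # Finish SHA-256 from any midstate; already_hashed (a multiple of 64) is the byte
    # count that produced the midstate and feeds the length field of the padding.
    msg = data + _pad(already_hashed + len(data))
    for i in range(0, len(msg), 64):
        state = _compress(state, msg[i:i + 64])
    return struct.pack(">8L", *state)

def hash_stack_cat(elements):
    # OP_CAT ... OP_CAT OP_SHA256: one hash over the concatenated stack elements.
    return hashlib.sha256(b"".join(elements)).digest()

def hash_stack_stream(elements):
    # Script-controlled OP_SHA256STREAM model: start at the fixed IV, absorb each element.
    h = hashlib.sha256()
    for el in elements:
        h.update(el)
    return h.digest()

def length_extend(digest, original_len, suffix):
    # Midstate attack: a SHA-256 digest IS a midstate, so knowing only digest and
    # original_len yields a valid digest for original || glue || suffix.
    state = list(struct.unpack(">8L", digest))
    glue = _pad(original_len)
    return glue + suffix, sha256_from_midstate(state, suffix, original_len + len(glue))
```

A script that fixes the starting state to IV and commits to the element count, as Jeremy's sketch does, is not exposed to this; one that accepts a caller-supplied midstate is.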