Author: Gregory Maxwell 2015-04-15 03:34:50
Published on: 2015-04-15T03:34:50+00:00
Stephen Morse proposed a change in the nHashType that would allow transaction signers to specify what is to be serialized for the signature hash. This would make malleability almost a non-issue, and hardware wallets could sign securely without downloading or processing each transaction they spend from. However, there are concerns about creating too many options that rapidly extend into a choose-your-own-adventure with too many options to count. The author of the post suggests that any sighash masking that eliminates the txin txid enables covenants. Covenants are payments that constrain their future payments, like deed covenants. The author explains how this approach can work where the scriptpubkey contains "[push: 0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04, flags] [push pubkey resulting from pubkey recovery] OP_CHECKSIG" and set the flags to match only the things you want to enforce in the spending transaction hash them up and recover the EC public point. The author admits that they don't currently see how to get a perpetual covenant out of it; however, they suggest it might be possible with a sufficiently complex sighash flag and nothing else.
Updated on: 2023-05-19T20:02:09.658523+00:00