Author: Christian Decker 2018-08-30 20:51:15
Published on: 2018-08-30T20:51:15+00:00
Johnson Lau has proposed a new signature format for Bitcoin transactions, called SIGHASH2, which aims to provide more flexibility and security while also being efficient. The new format includes features such as signing all input values, signing both scriptCode and previous scriptPubKey, and adding new SIGHASH options such as SIGHASH2_MATCHOUTPUT, SIGHASH2_LASTOUTPUT, and SIGHASH2_DUALOUTPUT. Additionally, there is an option to sign the amount of fees and signing the witness size. The proposal asks for feedback on whether NOINPUT should commit to scriptCode and/or scriptPubKey, whether LASTOUTPUT and DUALOUTPUT are needed, if a fully flexible way to sign a subset of outputs should be added, and whether the exact witness size or an upper size limit should be signed.The new signature format uses a more efficient DER format that aims to save block space. It includes new hashtype definitions such as SIGHASH2_ALL, SIGHASH2_NONE, and several others. The document provides examples of equivalent SIGHASH2 values for other SIGHASH schemes, such as Legacy/BIP143 ALL, Legacy/BIP143 SINGLE with matching output, Legacy/BIP143 NONE, and more. The signature still commits to bits 10 to 15 as hashtype, even though they are reserved and ignored.The document explains why decoupling INPUT and SEQUENCE is important and why some combinations are missing. It also notes that in legacy and BIP143 SIGHASH, only ALL implicitly commits to the fee paid. The proposal highlights the rationale behind putting NOVERSION and NOSCRIPTCODE in the second byte and why signing INPUTINDEX and FEE is necessary. In conclusion, this proposal is a soft-fork and provides details about deployment, reference implementation, and copyright. A formatted version and example code can be found on GitHub for more information.
Updated on: 2023-06-13T03:03:18.497928+00:00