Author: Johnson Lau 2018-12-12 20:00:50
Published on: 2018-12-12T20:00:50+00:00
In a recent email exchange on the bitcoin-dev mailing list, developers discussed proposed changes to the Bitcoin protocol. Three new sighash flags are being added: SIGHASH_NOINPUT, SIGHASH_NOFEE, and SIGHASH_SCRIPTMASK. Additionally, a new opcode OP_MASK is being added, which will act as a NOP during execution. The sighash will be computed like in BIP143, but if SIGHASH_SCRIPTMASK is present, for every OP_MASK in scriptCode, the subsequent opcode/push is removed. However, there is some confusion around the necessity of the SIGHASH_SCRIPTMASK flag. It is argued that it is redundant since mask-removal can always be performed for signing. Masked scripts have reduced security, but this is balanced with functionality such as eltoo, which cannot work without masking part of the script. The role of scriptmask in a taproot world where the alternate script is both hidden and general is also unclear. It appears that scriptmask is used to make sure that your signature is applicable to a specific script branch, not others (assuming you use the same pubkey in many branches, which is avoidable).
Updated on: 2023-05-20T18:11:24.741528+00:00