Author: Ruben Somsen 2018-12-17 15:48:15
Published on: 2018-12-17T15:48:15+00:00
In an email exchange on the Bitcoin-dev mailing list, Ruben Somsen asked Johnson Lau about the implications of NOINPUT and its effects on fungibility. In response, Lau discussed the risks associated with signature replay and the possibility of accidental double payment if a payer mistakenly pays to a previous address with the same amount and the previous UTXO has been spent using NOINPUT. Lau proposed tagging outputs as a solution to minimize the risks of misuse. There are two possible ways to tag an output: setting a certain bit in the tx version or setting a certain bit in the scriptPubKey. Lau analyzed the pros and cons of each method and suggested that tagging with scriptPubKey would allow for per-output basis tagging, but it is only possible with native-segwit, not P2SH. On the other hand, tagging with tx version will also protect P2SH-segwit, but it is somewhat a layer violation and could only tag all or none outputs in the same tx. Lau also mentioned an extension to the version tagging, which could make NOINPUT even safer by signing the version of the previous tx, making accidental replay very unlikely. However, this would burn a few more bits in the tx version field. Lau concluded by asking if there are any other proposals that require NOINPUT and are adversely affected by either way of tagging.
Updated on: 2023-06-13T16:14:46.874981+00:00