Author: Rusty Russell 2018-12-17 03:10:42
Published on: 2018-12-17T03:10:42+00:00
Johnson Lau, a Bitcoin developer, raises concerns about the usability and security of OP_CODESEPARATOR with NOINPUT. In the new sighash proposal, the hash of the full script or masked script will be signed without truncation. The proposal also commits to the position of the last executed OP_CODESEPARATOR to make it work as before. However, if NOINPUT doesn't commit to the masked script, it will commit blindly to a random OP_CODESEPARATOR position, making it difficult for the wallet to know which codes are being executed. Rusty, another Bitcoin developer, questions the need for supporting OP_CODESEPARATOR at all. He argues that no wallet needs to support it. Rusty further expresses confusion regarding how OP_CODESEPARATOR changes anything in relation to NOINPUT. He notes that anyone can create an output that can be spent by any NOINPUT, whether by using OP_MASK or simply not committing to the input script.
Updated on: 2023-06-13T15:23:43.226154+00:00