Author: Johnson Lau 2018-12-20 19:34:38
Published on: 2018-12-20T19:34:38+00:00
In a discussion about the proposed new sighash proposal for Bitcoin, Johnson Lau raised concerns over the usability and security of OP_CODESEPARATOR with NOINPUT. To address this, it is suggested that the new sighash will always commit to the same H(script), instead of the truncated scriptCode, making scripts more compact and efficient. If using NOINPUT with MASKEDSCRIPT, it will commit to the H(masked_script) instead of H(script). The sighash will also commit to the position of the last executed CODESEPARATOR to make CODESEPARATOR work as before. However, if NOINPUT does not commit to H(masked_script), the wallet has to guess the meaning of such committed positions, making it unreliable. Rusty Russell questioned why OP_CODESEPARATOR should be supported at all, but acknowledged that it could make scripts more compact in some cases.
Updated on: 2023-05-20T18:02:26.737776+00:00