Author: Pieter Wuille 2015-02-03 23:38:42
Published on: 2015-02-03T23:38:42+00:00
On February 3, 2015, Pieter Wuille proposed a one-line change to BIP66's DERSIG that would softfork. However, he has since retracted the proposal after Suhar Daftuas pointed out that there were still edge-cases that weren't covered. The goal was to ensure that signature validation and parsing could be entirely separated and that signature checking didn't require a third return value. The only guaranteed way to do this would be to require R and S to be within the range allowed by secp256k1, which would need an integer decoder inside the signature encoding checker. This was deemed unreasonable. Instead, a cleaner solution was proposed: only allow an empty byte vector as an invalid signature. This would align signature validity with decoding and be much simpler to implement.
Updated on: 2023-05-19T19:41:46.690395+00:00