Author: Pieter Wuille 2015-01-25 14:34:08
Published on: 2015-01-25T14:34:08+00:00
Pieter, a developer, is addressing an issue with a function that was originally written for Bitcoin Core v0.8.0. The function was used to enforce non-standardness and not consensus, so there was no need to require maximum length for the R and S arguments. The restriction on total length was required, as BER allowed multi-byte length descriptors, which this function could not parse. Currently, the proposed soft fork distinguishes invalid signatures with overly-long R or S but acceptable R+S size from invalid signatures where R+S is too large. Pieter suggests adding individual R and S length restrictions that would limit them to no more than 32 bytes, excluding the padding 0 byte in front, to standardness requirements. Two options are suggested: add the R/S length restriction rule as a standardness requirement and later include it in a soft fork, or add it to the soft fork now.
Updated on: 2023-05-19T19:41:10.398775+00:00