Author: Peter Todd 2016-07-04 23:27:15
Published on: 2016-07-04T23:27:15+00:00
The discussion revolves around the odd result of a transaction spending a witness output with an unknown version, which is valid even if the transaction does not have any witnesses. It has been suggested to leave such an unknown witness program as any-one-can-spend without looking at the witness. The argument for special case P2PKH is that pubkey should be saved to reduce the bytes but 160-bit commitments for multisig may need 256-bit security. However, even shorter hash and pubkey are suggested for storing a small amount of Bitcoin. There is a concern that signatures for new signature hash can be misinterpreted for old signature hash. Tagged hashing is proposed as an excellent way to ensure that signatures cannot be reused in different contexts, and XORing the magic tag prior to using it is sufficient for signature applications. However, this method is incompatible with timestamping schemes like OpenTimestamps that rely on all operations being cryptographically secure.
Updated on: 2023-06-11T19:06:52.508553+00:00