Published on: 2018-06-06T00:49:01+00:00
A proposal has been made to change the Bitcoin core code in order to disallow the usage of SIGHASH_SINGLE without matched output. This signature form is considered insecure as it commits to no output, which may mislead users into thinking that it commits to one. The issue becomes more problematic in non-segwit scripts, making it easier for any UTXO of the same key to be stolen. The developer suggests implementing a softfork to disable this unintended consensus behavior, as these signatures are inherently unsafe.However, another developer questions the need for a softfork on security grounds and proposes that it may be better to consider soft-forking the code out based on code complexity instead. Additionally, there is uncertainty about whether the non-standardness of the signature means it is secure.In a discussion on the bitcoin-dev mailing list, the possibility of expanding to SIGHASH_NONE is raised. It is noted that SIGHASH_NONE is important because it allows multisig signers to relinquish the need to sign without giving up the private key. The SIGHASH_SINGLE bug can also be used in similar ways.The proposed policy aims to prevent the usage of SIGHASH_SINGLE without matched output. This signature form is considered insecure as it commits to no output, leading to potential theft of any UTXO of the same key in non-segwit scripts. This unintended consensus behavior is among the earliest ones and is inherently unsafe. To disable this feature with a softfork, the first step is to make these signatures non-standard. A pull request has already been made to add this policy to Bitcoin's Github repository. Currently, these signatures are allowed, so making them non-standard is the initial step towards disabling them.
Updated on: 2023-08-01T23:25:38.378361+00:00