Author: Andrew Kozlik 2020-05-04 15:48:00
Published on: 2020-05-04T15:48:00+00:00
The proposal being discussed is related to the inclusion of sha_scriptPubKeys in a transaction's signature message. However, this would limit some use cases where SIGHASH_ALL behavior is not required. The proposal suggests that sha_scriptPubKeys should only be included if hash_type does not match SIGHASH_ANYONECANPAY. The context also highlights an attack scenario in CoinJoin transactions where the attacker can construct a transaction with two inputs and outputs of identical value, one belonging to the user and another to the attacker. If this transaction is sent to the hardware wallet twice with different input markings, the user will think they are signing two different transactions, while in reality, they are signing two different inputs to a single transaction and sending half of the amount to the attacker. As an alternative proposal, it is suggested that a separate BIP for new sigash flags be created. Additionally, the email mentions the importance of including the scriptPubKey to verify the ownership proof signature. Finally, the email describes how adding the height of the coin to the signature message would constitute a change of a different caliber and is not currently proposed.
Updated on: 2023-06-14T01:05:22.839312+00:00