Author: Pieter Wuille 2018-11-28 03:41:02
Published on: 2018-11-28T03:41:02+00:00
Pieter Wuille has proposed a combined proposal for Bitcoin improvement protocols. The proposal includes three new sighash flags, namely SIGHASH_NOINPUT, SIGHASH_NOFEE, and SIGHASH_SCRIPTMASK. A new opcode called OP_MASK is also suggested which acts as a NOP during execution. The sighash is computed like in BIP143 with some changes such as the subsequent opcode/push being removed when SIGHASH_SCRIPTMASK is present. The scriptPubKey being spent is added to the sighash unless SIGHASH_SCRIPTMASK is set, and the transaction fee is added unless SIGHASH_NOFEE is set. HashPrevouts, hashSequence, and outpoint are set to null when SIGHASH_NOINPUT is set. It is suggested that OP_MASK should be followed by a push, and signing the amounts of all inputs is proposed. Additionally, it is proposed that sequence values of all inputs should be signed, rather than just the default sighash. The 3 flags can be encoded in 2 bits using the PARTIALSCRIPT/KNOWNSCRIPT/KNOWNTX/ALL_INPUTS encoding. Regarding preventing signatures from being rebound to a different script(path)/checksig, a few ideas were discussed. One was to sign the opcode position plus true/false condition of all previous(?) IF statements, but this would introduce unnecessary complexity for signers in most cases. An alternative is to make every CHECKSIG sign the opcode position of the last executed CODESEPARATOR. The proposal suggests that sighashes should be prefixed with a fixed 64-byte array as "tag" to prevent signatures from being re-interpretable as something else. All existing sighash flags, plus NOINPUT and MASK are included in the proposal. Signatures are 64 plus an optional sighash byte, and ALL cannot be specified explicitly.
Updated on: 2023-05-20T18:05:52.544617+00:00