Author: Pieter Wuille 2019-11-10 21:51:48
Published on: 2019-11-10T21:51:48+00:00
The Bitcoin development community is discussing how to prevent unencumbered witness v1 outputs of lengths other than 32 from being spent by anyone. There are two options: a consensus rule or a standardness rule, but both require users of old libraries to upgrade their bech32 libraries to avoid transaction rejections or getting stuck on older nodes. David A. Harding suggests that fixing the problem in the bech32 algorithm rather than at the consensus/standardness layer is best, despite it breaking batched transactions in some settings. Pieter Wuille proposes amending BIP173 to be restricted to witness programs of length 20 or 32, while developing a variant of bech32 with better insertion/erasure detecting properties for witness programs of different lengths. The root of the issue is in bech32, and it's simplest to fix things there, preferably by changing the constant 1 that is xor'ed into the checksum before encoding it to a 30-bit number, or implicitly including the length into the checksummed data.
Updated on: 2023-05-20T21:05:26.783873+00:00