Author: Russell O'Connor 2017-10-01 19:05:38
Published on: 2017-10-01T19:05:38+00:00
The proposed fixed signature size has led to a suggestion of creating a SIGHASH_WITNESS_WEIGHT flag instead of SIGHASH_WITNESS_DEPTH. The argument against weight malleability even with witness depth fixed is questioned, as it is unclear in what scenario that would be necessary. However, it is suggested that most parties signing an input would do so after agreeing on an execution path through the script. Thus, the witness weight can be fixed, except in rare cases where some parties must sign in advance of the decision about the execution path. In these cases, fixing the witness depth wouldn't be desirable either. A SIGHASH_WITNESS_WEIGHT flag would prevent all possible malleability that could alter the transaction's fee/weight priority at least for one input and reduce the overall attack surface of witness malleability issues. The clean stack should be eliminated for other potential future uses, such as recursive tail-call for general computation capability. Although this is not being argued for currently, it is suggested that we should not prematurely cut off an easy implementation of this possibility. Committing to the number of witness elements is fully sufficient, and using the number of elements helps avoid problems of not knowing the actual size in bytes at the time of signing. Future extensions might also have variable-length proofs.
Updated on: 2023-06-12T21:29:18.963452+00:00