Author: Mark Friedenbach 2017-10-01 19:27:21
Published on: 2017-10-01T19:27:21+00:00
In an email conversation, Russell O'Connor proposed the creation of a SIGHASH_WITNESS_WEIGHT flag instead of SIGHASH_WITNESS_DEPTH. When asked about the benefit of this change, O'Connor explained that using weight instead of depth would restrict other parties from selecting a witness size up-front, needlessly. Additionally, signing witness weight does not make the witness non-malleable. The signer could sign again with a different ECDSA nonce or use a different key combination in case of a 2-of-3 wallet. However, witnesses will remain non-3rd party malleable, even with any future opcodes.Mark replied that weight malleability should still be allowed in general, even with the fixed witness depth, for scenarios where all parties are not online at the same time in an interactive signing protocol or when individual parties have to reconfigure their signing choices due to failures. Restricting script signature systems can make it difficult to create realistic signing setups for people using best practices. For instance, a backup key may be placed deeper in the key tree and therefore result in larger signatures. Other signers should not have to restart and resign because of this as they might not be able to resign due to double-spend protections.
Updated on: 2023-06-12T21:28:36.216370+00:00