Author: Russell O'Connor 2017-10-01 19:41:46
Published on: 2017-10-01T19:41:46+00:00
In a recent email exchange between Bitcoin developers, the idea of creating a SIGHASH_WITNESS_WEIGHT flag instead of SIGHASH_WITNESS_DEPTH was discussed. Mark Friedenbach argued that creating a Bitcoin script that does not allow malleability is difficult and requires wasting many bytes. He suggested that adding a witness weight flag would make script design simpler and scripts smaller and cheaper. The weight flag wouldn't prevent malleability as signers could sign again with a different ECDSA nonce or use a different key combination. However, witnesses are not third party malleable and future opcodes will maintain that property. Friedenbach also argued that we shouldn't restrict the script signature system to such a degree that it becomes difficult to create realistic signing setups for people using best practices like multi-key, 2FA, etc. Participants in a signing protocol should be treated as black boxes, so internal errors and timeouts in their signing setup don’t propagate upwards to the multi-party protocol. For example, a participant should be able to try to 2FA sign and if that fails go fetch their backup key and sign with that. All the other signers need to care about is where the Merkle proof goes. However, Russell O'Connor argued that requiring a counterparty to choose their keys before signing is reasonable in multi-party signing of inputs.
Updated on: 2023-06-12T21:26:55.300944+00:00