Published on: 2017-09-12T12:06:40+00:00
The Bitcoin-dev mailing list recently had two discussions. The first discussion focused on Merkle branch verification and tail-call semantics for generalized MAST. Johnson Lau and Mark Friedenbach discussed the design concerns, including the use of "unclean stake" which is invalid in BIP141. They also discussed SigOp counting and suggested a unified global limit that combines all factors. In the second discussion, Thomas Voegtlin proposed an extended serialization format for BIP-32 wallets. Shiva Sitamraju expressed concerns about the privacy implications of the birth-date field and the complete derivation path. Thomas replied that different versions do not have the same address as per bip173. The debate also included whether the OutputType field should be present only if depth==0x00 or at all times. Andreas Schildbach, Pavol Rusnak, and Thomas Voegtlin shared their opinions on the issue.Another discussion focused on Mark Friedenbach's proposal to update the fast Merkle-tree spec to use a different IV. This would prevent attacks where innocent scripts could be replaced by malicious ones. The attack requires a collision between double-SHA256(innocuous) and fast-SHA256(fast-SHA256(fast-SHA256(double-SHA256(malign) || r2) || r1) || r0).There was also talk about whether to add an extended serialization format for BIP-32 wallets. Suggestions were made to add an OutputType field for wallets that do not follow BIP43, while others suggested omitting the field in cases where script types are mixed. Thomas Voegtlin suggested that this value should be user visible, as users need to combine several master public keys when creating wallets with multisig scripts.It was noted that good security for Bitcoin is not defined by constant upgrading, and efforts should be put into backporting fixes/workarounds. Altcoin maintainers were encouraged to contribute back to their upstream to help keep up with security fixes. Sergio Demian Lerner mentioned the policy of publishing vulnerabilities in Bitcoin only after more than 80% of the nodes have upgraded.Overall, the discussions on the Bitcoin-dev mailing list covered various topics such as Merkle branch verification, tail-call semantics, serialization format for BIP-32 wallets, trust in scripts, and preventing attacks on MAST policy. Different perspectives were shared, and suggestions were made to improve the design and security of Bitcoin.
Updated on: 2023-08-01T21:50:34.851343+00:00