Author: Rusty Russell 2019-03-20 03:33:55
Published on: 2019-03-20T03:33:55+00:00
Rusty Russell considers the "my software reused my keys" as the most reasonable attack scenario for lightning attacks. However, he acknowledges that it is still small compared to other lightning attack surfaces. Rusty understands the general wariness of third-parties reusing SIGHASH_NOINPUT signatures. He suggests that "must have a non-SIGHASH_NOINPUT" rule can address the first reuse scenario (as well as the second), and he would be content with that proposal. Anthony Towns discussed four ways in which NOINPUT could cause problems for people doing NOINPUT sigs. Rusty does not find the differentiation between malicious and non-malicious double-spends convincing. He believes that it is hard to see what difference that makes to how you'd handle coins from A. Rusty does not believe that the nightmare scenario mentioned by Anthony Towns is credible. Rusty is still inclined to err on the side of putting more safety measures in for NOINPUT. However, he suggests using "must have a sig that commits to the input tx" as a safety measure instead of complex ones which do not actually help in practical failure scenarios. If it is considered necessary, Rusty suggests that it should be a standardness rule rather than consensus.
Updated on: 2023-06-02T17:52:28.671038+00:00