Author: Anthony Towns 2018-05-08 14:40:21
Published on: 2018-05-08T14:40:21+00:00
On May 7, 2018, Christian Decker wrote an email on bitcoin-dev expressing his enthusiasm for the `SIGHASH_NOINPUT` proposal. In response to this email, user aj expressed his concerns regarding the proposal. Specifically, he stated that if someone uses the same key for multiple inputs and signs one of them with _NOINPUT, all of them would be spent, which could be a problem for people who regularly reuse addresses. To mitigate this issue, aj suggested using a hypothetical "OP_CHECK_SIG_FOR_SINGLE_USE_KEY" opcode instead of _NOINPUT, so it's not possible to trick someone into signing something for one input that accidentally authorizes spends of other inputs as well. He also proposed an alternative idea of using OP_CHECKSIG_1USE or OP_CHECKMULTISIG_1USE, which would ensure that a _NOINPUT signature is only valid for keys deliberately intended to be single use.Aj acknowledged that using these opcodes would result in ~34 witness bytes being added but argued that it is not worse than the normal taproot tradeoff. He also mentioned that a different opcode may make sense at a philosophical level since normal signatures sign a spend of a particular coin, while _NOINPUT signatures sign a spend of an entire wallet. In conclusion, aj raises some valid concerns about the potential risks associated with the `SIGHASH_NOINPUT` proposal, and suggests some alternative approaches that could address these issues.
Updated on: 2023-05-20T08:21:19.059399+00:00