Author: Rusty Russell 2018-05-09 23:04:58
Published on: 2018-05-09T23:04:58+00:00
A discussion is ongoing among Bitcoin developers regarding the proposed `SIGHASH_NOINPUT` feature. Anthony Towns raised concerns that the proposal has a huge failure case, where if one uses the same key for multiple inputs and signs one of them with _NOINPUT, the individual will have spent all of them. The current proposal limits the potential damage by still committing to the prevout amount, but Towns thinks it still poses risks for everyone who reuses addresses. He suggests making _NOINPUT a flag to a signature for a hypothetical "OP_CHECK_SIG_FOR_SINGLE_USE_KEY" opcode instead. This suggestion was also made by Mark Friedenbach. However, there remain concerns that this approach would result in more "magic key" and less script. Another suggestion is to have a different Segwit version for "NOINPUT-can-be-used," which could be done by creating a new opcode for _NOINPUT.
Updated on: 2023-05-25T00:22:56.878151+00:00