Author: Rusty Russell 2017-11-15 10:37:22
Published on: 2017-11-15T10:37:22+00:00
In a recent conversation between Tomas and Rusty Russell, the issue of malleation in commitment transactions was discussed. Rusty explained that malleation is a problem for every commitment transaction that uses HTLC transactions, but suggested that SIGHASH_NOINPUT could be used to work around this issue. However, he pointed out that separate keys are needed on every output to ensure transactions can't be connected to the wrong outputs. Tomas questioned whether the current specification already ensures that every key is only used once. Rusty clarified that while it is true for different commitment transactions, it's not the case for different HTLC outputs attached to the same transaction. Rusty then went on to explain that SIGHASH_NOINPUT cuts the number of updates down by about a factor of 2 under typical use, and it's generally nice to have, though extremely dangerous if keys are reused. If addresses are reused, a signed SIGHASH_NOINPUT input can be attached to either one, which may or may not be a problem depending on the exact usage.
Updated on: 2023-05-24T02:51:01.050835+00:00