From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: Clark Moody <clark@clarkmoody.com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Bech32 weakness and impact on bip-taproot addresses
Date: Wed, 13 Nov 2019 05:32:32 +0000 [thread overview]
Message-ID: <2sU6YozN9nn30cofkAMhffgjDLZwjG3mvF0nBgOsVQQEY9ROmP72GuHWjnBlF_qa8eeQPU8bxleZqcvRGJgS-uJ2xWYmAm9HjrFWWx_9o8k=@protonmail.com> (raw)
In-Reply-To: <CAHGSxGv_BQAAkdcxsqVsjphqaoE=Xm05jXhdBnGw+m+vRxeQYQ@mail.gmail.com>
Good morning all,
It seems to me that adding the length for checksumming purposes need not require the length to be *actually* added in the address format.
So, currently, below is my understanding of bech32 validation:
* Run BCH checksum on witness program.
* Compare checksum to checksum in address.
* If the checksum matches:
* If version is 0, validate that the witness program is length 20 or 32.
* Else accept.
* If the checksum does not match:
* Reject
Let me propose then:
* Run BCH checksum on witness program.
* Compare checksum to checksum in address.
* If the checksum matches:
* If version is 0, validate that the witness program is length 20 or 32.
* Else validate that the witness program is length 32.
* If the checksum does not match:
* Get the length of the witness program.
* Prepend the length to the witness program.
* Run BCH checksum on concatenated length | witness program.
* Compare checksum to checksum in address.
* If the checksum matches:
* Accept.
* Else reject.
A writer of bech32 addresses would then:
* If the witness program is length 32, or witness version is 0 and witness program length is 20, use a non-length-prefixed checksum.
* Otherwise, use a length-prefixed checksum (but not include the length in the address, just change the BCH checksum).
This has the following properties:
* The bech32 address format is retained, and no explicit length is added.
* There are now two checksum formats: one with just the witness program, the other which validates with the witness program length.
* Readers that do not understand the new checksum format will simply reject them without mis-sending to the wrong witness program.
Is the above acceptable?
Regards,
ZmnSCPxj
next prev parent reply other threads:[~2019-11-13 5:32 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-07 22:35 [bitcoin-dev] Bech32 weakness and impact on bip-taproot addresses Pieter Wuille
2019-11-07 22:45 ` Greg Sanders
2019-11-08 0:41 ` Matt Corallo
2019-11-08 2:15 ` David A. Harding
2019-11-08 3:15 ` Eric Voskuil
2019-11-10 21:51 ` Pieter Wuille
2019-11-11 1:02 ` Matt Corallo
2019-11-13 2:56 ` Clark Moody
2019-11-13 5:32 ` ZmnSCPxj [this message]
2019-11-13 6:30 ` Pieter Wuille
2020-07-15 20:56 ` Russell O'Connor
2020-07-15 21:05 ` Greg Sanders
2020-07-15 21:11 ` Russell O'Connor
2019-11-08 5:11 ` ZmnSCPxj
2019-11-08 13:03 ` Russell O'Connor
2019-11-08 13:42 ` Damian Mee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='2sU6YozN9nn30cofkAMhffgjDLZwjG3mvF0nBgOsVQQEY9ROmP72GuHWjnBlF_qa8eeQPU8bxleZqcvRGJgS-uJ2xWYmAm9HjrFWWx_9o8k=@protonmail.com' \
--to=zmnscpxj@protonmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=clark@clarkmoody.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox