public inbox for bitcoindev@googlegroups.com
* [bitcoin-dev] Disallow insecure use of SIGHASH_SINGLE
@ 2018-05-31 18:53 Johnson Lau
  2018-06-06  0:17 ` Chris Stewart
  2018-06-06  0:49 ` Peter Todd
  0 siblings, 2 replies; 4+ messages in thread
From: Johnson Lau @ 2018-05-31 18:53 UTC
  To: bitcoin-dev

I’ve made a PR to add a new policy to disallow using SIGHASH_SINGLE without a matched output:

https://github.com/bitcoin/bitcoin/pull/13360

A signature of this form is insecure, as it commits to no output while users might think it commits to one. It is even worse in non-segwit scripts, where it is effectively SIGHASH_NOINPUT|SIGHASH_NONE, so any UTXO of the same key could be stolen. (It’s restricted to only one UTXO in segwit, but it’s still like a SIGHASH_NONE.)

This is one of the earliest unintended consensus behaviors. Since these signatures are inherently unsafe, I think it does no harm to disable this unintended “feature” with a softfork. But since these signatures are currently allowed, the first step is to make them non-standard.
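
The condition described in the message above, as an added example that is not part of the original post and is not the code from PR 13360: it checks for SIGHASH_SINGLE without a matched output and shows that the segwit (BIP143) `hashOutputs` field then equals the SIGHASH_NONE value. The function names, `policy_accepts` and the sample output are assumptions made for illustration.

```python
import hashlib
import struct

SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE = 1, 2, 3
SIGHASH_ANYONECANPAY = 0x80
# Legacy digest for an unmatched SIGHASH_SINGLE: the constant 1 as a
# little-endian uint256, identical for every transaction.
LEGACY_UNMATCHED_DIGEST = (1).to_bytes(32, "little")

def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def compact_size(n):
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    return b"\xfe" + struct.pack("<I", n)

def ser_output(amount, script_pubkey):
    return struct.pack("<q", amount) + compact_size(len(script_pubkey)) + script_pubkey

def is_unmatched_single(hash_type, input_index, n_outputs):
    # Base type is the low 5 bits; ANYONECANPAY does not change the check.
    return (hash_type & 0x1f) == SIGHASH_SINGLE and input_index >= n_outputs

def bip143_hash_outputs(outputs, hash_type, input_index):
    """hashOutputs field of the segwit (BIP143) digest: what the signature commits to."""
    base = hash_type & 0x1f
    if base not in (SIGHASH_NONE, SIGHASH_SINGLE):
        return dsha256(b"".join(ser_output(*o) for o in outputs))
    if base == SIGHASH_SINGLE and input_index < len(outputs):
        return dsha256(ser_output(*outputs[input_index]))
    return bytes(32)  # NONE, or SINGLE with no matched output: nothing committed

def policy_accepts(sig_with_hashtype, input_index, n_outputs):
    """Hypothetical relay check: the hash type is the last byte of the pushed signature."""
    if not sig_with_hashtype:
        return True  # empty signature carries no hash type; CHECKSIG fails it anyway
    return not is_unmatched_single(sig_with_hashtype[-1], input_index, n_outputs)

# Constructed sample: one output, so only input 0 has a matched output.
OUTPUTS = [(50_000, bytes.fromhex("0014" + "11" * 20))]
if __name__ == "__main__":
    for idx in (0, 1):
        h = bip143_hash_outputs(OUTPUTS, SIGHASH_SINGLE, idx)
        print(idx, is_unmatched_single(SIGHASH_SINGLE, idx, len(OUTPUTS)), h.hex())
```
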


Thread overview: 4+ messages
2018-05-31 18:53 [bitcoin-dev] Disallow insecure use of SIGHASH_SINGLE Johnson Lau
2018-06-06  0:17 ` Chris Stewart
2018-06-06  0:43   ` Peter Todd
2018-06-06  0:49 ` Peter Todd