public inbox for bitcoindev@googlegroups.com
* [bitcoin-dev] BIP174 amendment proposal (Important Signer Check should be mentioned)
From: Jonathan Underwood @ 2019-07-09 15:58 UTC
  To: Bitcoin development mailing list


Hi all,

Just to be brief, I'll kick off with an attack scenario.

1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
according to the PSBT as-is.
2. I notice my UTXO was stolen by a hacker because they changed my PSBT
input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
fact they changed the outputs to send to themselves, and added an input
they signed with SIGHASH_ALL.
3. I lose the BTC in my UTXO.

So we should definitely add to the signer checks "ensure the sighash type
given is the type of sighash you want to sign." etc.

My proposal for a wording change would be an addition to the bullet list:

- If a sighash type is provided, the signer MUST check that the sighash
type is acceptable to them, and fail signing if unacceptable.
- If a sighash type is not provided, the signer SHOULD sign using
SIGHASH_ALL, but may sign with any sighash type they wish.

Any thoughts?

Thanks,
Jon

-- 
-----------------
Jonathan Underwood
Bitbank, Inc. Chief Bitcoin Officer
-----------------

If you are sending an encrypted message, please use the public key below.

Fingerprint: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
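
The signer check proposed in the message above, as an added example that is not part of the original post or of any wallet's code: it reads each input map's PSBT_IN_SIGHASH_TYPE field (BIP174 key type 0x03) and refuses to sign when the requested type is outside the signer's own policy. The names `sighash_to_sign`, `constructed_psbt` and the `allowed` policy set are hypothetical, and the sample PSBT is built from made-up values.

```python
# Sighash flag values are Bitcoin's; key types 0x00 and 0x03 are from BIP174.
SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE, SIGHASH_ANYONECANPAY = 0x01, 0x02, 0x03, 0x80
PSBT_GLOBAL_UNSIGNED_TX, PSBT_IN_SIGHASH_TYPE = 0x00, 0x03

def compact_size(buf, pos):
    """Decode a Bitcoin compact-size integer; return (value, next position)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    width = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def read_map(buf, pos):
    """Read one PSBT key-value map up to its 0x00 separator."""
    entries = {}
    while True:
        klen, pos = compact_size(buf, pos)
        if klen == 0:
            return entries, pos
        key, pos = buf[pos:pos + klen], pos + klen
        vlen, pos = compact_size(buf, pos)
        entries[key], pos = buf[pos:pos + vlen], pos + vlen

def sighash_to_sign(psbt, allowed=frozenset({SIGHASH_ALL})):
    """Return the sighash type to sign each input with; raise if one is not allowed."""
    if psbt[:5] != b"psbt\xff":
        raise ValueError("not a PSBT")
    global_map, pos = read_map(psbt, 5)
    unsigned_tx = global_map[bytes([PSBT_GLOBAL_UNSIGNED_TX])]
    n_inputs, _ = compact_size(unsigned_tx, 4)  # input count follows the 4-byte version
    chosen = []
    for index in range(n_inputs):
        in_map, pos = read_map(psbt, pos)
        raw = in_map.get(bytes([PSBT_IN_SIGHASH_TYPE]))
        if raw is not None and len(raw) != 4:
            raise ValueError(f"input {index}: sighash field must be 4 bytes")
        # Not provided: default to SIGHASH_ALL. Provided: must pass the signer's policy.
        requested = SIGHASH_ALL if raw is None else int.from_bytes(raw, "little")
        if requested not in allowed:
            raise PermissionError(f"input {index}: sighash 0x{requested:02x} refused")
        chosen.append(requested)
    return chosen

def constructed_psbt(sighash=None):
    """Build a one-input, one-output PSBT from made-up values (constructed sample)."""
    tx = (bytes.fromhex("02000000") + b"\x01" + bytes(32) + bytes(4) + b"\x00"
          + b"\xff" * 4 + b"\x01" + (50_000).to_bytes(8, "little") + b"\x01\x51" + bytes(4))
    in_map = b"" if sighash is None else b"\x01\x03\x04" + sighash.to_bytes(4, "little")
    return b"psbt\xff\x01\x00" + bytes([len(tx)]) + tx + b"\x00" + in_map + b"\x00\x00"
```

With the default policy, `sighash_to_sign(constructed_psbt(SIGHASH_ANYONECANPAY | SIGHASH_NONE))` raises `PermissionError` before any signature is produced, which is the failure mode the proposed MUST wording asks for.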


* Re: [bitcoin-dev] BIP174 amendment proposal (Important Signer Check should be mentioned)
From: Andrew Chow @ 2019-07-09 20:26 UTC
  To: Jonathan Underwood, Bitcoin Protocol Discussion


This was the original intent of the sighash field. Either the sighash is acceptable to the signer and the signer signs with it, or they do not sign at all.

On 7/9/19 11:58 AM, Jonathan Underwood via bitcoin-dev wrote:

> Hi all,
>
> Just to be brief, I'll kick off with an attack scenario.
>
> 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign according to the PSBT as-is.
> 2. I notice my UTXO was stolen by a hacker because they changed my PSBT input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the fact they changed the outputs to send to themselves, and added an input they signed with SIGHASH_ALL.
> 3. I lose the BTC in my UTXO.
>
> So we should definitely add to the signer checks "ensure the sighash type given is the type of sighash you want to sign." etc.
>
> My proposal for a wording change would be an addition to the bullet list:
>
> - If a sighash type is provided, the signer MUST check that the sighash type is acceptable to them, and fail signing if unacceptable.
> - If a sighash type is not provided, the signer SHOULD sign using SIGHASH_ALL, but may sign with any sighash type they wish.
>
> Any thoughts?
>
> Thanks,
> Jon
>
> --
>
> -----------------
> Jonathan Underwood
> Bitbank, Inc. Chief Bitcoin Officer
> -----------------
>
> If you are sending an encrypted message, please use the public key below.
>
> Fingerprint: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3


* Re: [bitcoin-dev] BIP174 amendment proposal (Important Signer Check should be mentioned)
From: Jonathan Underwood @ 2019-07-09 22:21 UTC
  To: Andrew Chow; +Cc: Bitcoin development mailing list


Hi Andrew,

Ok, I will go ahead and write the amendment and make a PR.

Thanks!
Jon

On Wed, Jul 10, 2019 at 5:26, Andrew Chow <achow101-lists@achow101.com> wrote:

> This was the original intent of the sighash field. Either the sighash is
> acceptable to the signer and the signer signs with it, or they do not sign
> at all.
>
> On 7/9/19 11:58 AM, Jonathan Underwood via bitcoin-dev wrote:
>
> Hi all,
>
> Just to be brief, I'll kick off with an attack scenario.
>
> 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign
> according to the PSBT as-is.
> 2. I notice my UTXO was stolen by a hacker because they changed my PSBT
> input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the
> fact they changed the outputs to send to themselves, and added an input
> they signed with SIGHASH_ALL.
> 3. I lose the BTC in my UTXO.
>
> So we should definitely add to the signer checks "ensure the sighash type
> given is the type of sighash you want to sign." etc.
>
> My proposal for a wording change would be an addition to the bullet list:
>
> - If a sighash type is provided, the signer MUST check that the sighash
> type is acceptable to them, and fail signing if unacceptable.
> - If a sighash type is not provided, the signer SHOULD sign using
> SIGHASH_ALL, but may sign with any sighash type they wish.
>
> Any thoughts?
>
> Thanks,
> Jon
>
> --
> -----------------
> Jonathan Underwood
> Bitbank, Inc. Chief Bitcoin Officer
> -----------------
>
> If you are sending an encrypted message, please use the public key below.
>
> Fingerprint: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
>
>
>
