From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 266CB3BBC for ; Tue, 9 Jul 2019 15:59:09 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com [209.85.219.169]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A33F3881 for ; Tue, 9 Jul 2019 15:59:08 +0000 (UTC) Received: by mail-yb1-f169.google.com with SMTP id f18so6013573ybr.10 for ; Tue, 09 Jul 2019 08:59:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bitcoinbank.co.jp; s=google; h=mime-version:from:date:message-id:subject:to; bh=2awtmMfRRzcvD0lx6s5+0t5lAkgjwuyJBZ/nZl7kY20=; b=Ie7CSHRsRwEEWkijI0Ogs7cwIblvK5UK3Q8fsSQlR1R8Qpldy7a5xKtap0SRoySgEN dM+fJlEsTX5a1kl5kVkUzgLkVEl8AqAjdMFw84C4xydv0Uzsj2A+fKDVQEvMxT3Wl434 dvi53DtZZ/VUaImMdENUKitNtEhmAwPIMkx7JWBt/UCUGNaCvLoSBHzcKwRUEPes3Zbr zNXhAiCuiQP+1XRBWg+AWui7smyA4rQfyQiAEaGPQWTTFYGcvqmBeMcoYXMCRSvi82l6 6kImVl2tVGXyEIUIKma5gCh/W4Q/mLn5TyjgDAQj9VKgeX0cNON5wujGbegCOq1XXzCh d9XQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=2awtmMfRRzcvD0lx6s5+0t5lAkgjwuyJBZ/nZl7kY20=; b=tVNuVO9S5ejQSQuBHWSnsq1qxEdWlylZQ8gj5TI01QSXjMqjWGMwTcDKpSM5X55+ZG MHXPQOgyyCejX0yrmoHI9dIEdU2m5ZRx8eA47+ATlQKah5xWeb9TRZdfFOF50kYu0SJ4 m8IQz3EkyQIjshKWw6kbcbZ3oxgvCWZRIf4IqALMDS8i/peSrC1MmfKKZFEkZVAd7Ty0 BrHub1RaT47qvxaGwPPatJa+RAb+5thWFKBChRKrHx2MX+Dx6IKz/HyBpPoIMhli13tK zl5F2sAN6UfNS+oEG+FELrIbhW/YgvLKk6tJrjZbIHXKdWOovy6l/Dp/H26AZAvVykaJ JAsQ== X-Gm-Message-State: APjAAAVadlX4miVm0qOUgpLprh7Gi7XJGUvzEpLLZ87fSPxMu/CDZfdL FfyFx60zEs+Xqp0fx+vtVCTTL1E8HEuXZYa/I1e74Jo= X-Google-Smtp-Source: APXvYqwLOquOBLxI+bxJZGvehgp/+ETH2jchrPG1QYE+IOUybN/y292u8OINLpMja/vGUOzor4jyjQHneo0LBf+6H84= X-Received: by 2002:a25:3fc4:: with SMTP id m187mr7066103yba.52.1562687947569; Tue, 09 Jul 2019 08:59:07 -0700 (PDT) MIME-Version: 1.0 From: Jonathan Underwood Date: Wed, 10 Jul 2019 00:58:56 +0900 Message-ID: To: Bitcoin development mailing list Content-Type: multipart/alternative; boundary="00000000000002b1e1058d41a432" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 09 Jul 2019 18:49:26 +0000 Subject: [bitcoin-dev] BIP174 amendment proposal (Important Signer Check should be mentioned) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jul 2019 15:59:09 -0000 --00000000000002b1e1058d41a432 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi all, Just to be brief, I'll kick off with an attack scenario. 1. I am a signer, I get a PSBT that is ready to sign. I parse. I sign according to the PSBT as-is. 2. I notice my UTXO was stolen by a hacker because they changed my PSBT input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and after the fact they changed the outputs to send to themselves, and added an input they signed with SIGHASH_ALL. 3. I lose the BTC in my UTXO. So we should definitely add to the signer checks "ensure the sighash type given is the type of sighash you want to sign." etc. My proposal for a wording change would be addition to the bullet list: - If a sighash type is provided, the signer MUST check that the sighash type is acceptable to them, and fail signing if unacceptable. - If a sighash type is not provided, the signer SHOULD sign using SIGHASH_ALL, but may sign with any sighash type they wish. Any thoughts? Thanks, Jon --=20 ----------------- Jonathan Underwood =E3=83=93=E3=83=83=E3=83=88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE =E3=83=81= =E3=83=BC=E3=83=95=E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3= =82=AA=E3=83=95=E3=82=A3=E3=82=B5=E3=83=BC ----------------- =E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB=E3= =83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3=81= =AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81=94= =E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82 =E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3 --00000000000002b1e1058d41a432 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi all,

Just to be brief, I'll kick= off with an attack scenario.

1. I am a signer, I = get a PSBT that is ready to sign. I parse. I sign according to the PSBT as-= is.
2. I notice my UTXO was stolen by a hacker because they changed my P= SBT input's sighashtype to SIGHASH_ANYONECANPAY | SIGHASH_NONE and afte= r the fact they changed the outputs to send to themselves, and added an inp= ut they signed with SIGHASH_ALL.
3. I lose the BTC in my UTXO.

So we should definitely add to the signer checks &qu= ot;ensure the sighash type given is the type of sighash you want to sign.&q= uot; etc.

My proposal for a wording change would b= e addition to the bullet list:

- If a sighash type= is provided, the signer MUST check that the sighash type is acceptable to = them, and fail signing if unacceptable.
- If a sighash type is no= t provided, the signer SHOULD sign using SIGHASH_ALL, but may sign with any= sighash type they wish.

Any thoughts?
<= br>
Thanks,
Jon

--
=
-----------= ------
Jonathan Underwood
=E3=83=93=E3=83=83=E3=83= =88=E3=83=90=E3=83=B3=E3=82=AF=E7=A4=BE=E3=80=80=E3=83=81=E3=83=BC=E3=83=95= =E3=83=93=E3=83=83=E3=83=88=E3=82=B3=E3=82=A4=E3=83=B3=E3=82=AA=E3=83=95=E3= =82=A3=E3=82=B5=E3=83=BC
-----------------

=E6=9A=97=E5=8F=B7=E5=8C=96=E3=81=97=E3=81=9F=E3=83=A1=E3=83=83=E3=82=BB= =E3=83=BC=E3=82=B8=E3=82=92=E3=81=8A=E9=80=81=E3=82=8A=E3=81=AE=E6=96=B9=E3= =81=AF=E4=B8=8B=E8=A8=98=E3=81=AE=E5=85=AC=E9=96=8B=E9=8D=B5=E3=82=92=E3=81= =94=E5=88=A9=E7=94=A8=E4=B8=8B=E3=81=95=E3=81=84=E3=80=82

=E6=8C=87=E7=B4=8B: 0xCE5EA9476DE7D3E45EBC3FDAD998682F3590FEA3
--00000000000002b1e1058d41a432--