From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 1E6F7CA35 for ; Sat, 9 Feb 2019 00:40:19 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ot1-f51.google.com (mail-ot1-f51.google.com [209.85.210.51]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id ECF68F4 for ; Sat, 9 Feb 2019 00:40:17 +0000 (UTC) Received: by mail-ot1-f51.google.com with SMTP id n8so8928263otl.6 for ; Fri, 08 Feb 2019 16:40:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=6BM751ZipOw4G2SravIJPMnEotQlTAaRU1o5uccATPo=; b=oDUnj6TONZ9ffyWbvV2IwMiafDgueu7/1xS08HuMz9n3mKcHFXFkcnJx0FQ3YE0EmI lAnEZHV+qCK7hGlDAX9ntZOsdJDh5txvjJ5WmFUUTRdtSAXAEAhb/cs2+4HymKx+Pgt2 2EJ3z7QTr12bvZL4fNqA0oZOpFWKrO7SaedL4xSexFvvCOMkKb3E4uxjJeCtcDrCpZcw PTA1Umv2SmnyfzXE3GyCPQdPc93iTiiMGfO29HJAV5SuuN4Z9tSTsVaXVNd9RbqJhZ1r EMF5u4BcMa3qTxyuqgbZ/ZRxKoOLvZ0LPbIg8zcCpj5aY8B3/sDaBmp9iCU2LpEaewxg 3xvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=6BM751ZipOw4G2SravIJPMnEotQlTAaRU1o5uccATPo=; b=DyKbyqP7Z3f5oujraeECgZFgpesD46mCI0OuYRH8fpGG1XnjDIgEnueDwCyFW8URsY 5WvLa37WOJ1hkxMLfkz11PQ8E3h8BlVfhwDF+VzptXyWrFHq6ACmgWQ2nm8Gs1f1q53f FQxlzOt8JhdiPJ9mf1GFjAL4ZSsahPHtFKBYm0GzM2w+VXoauRVvyU/FJbh94b4Ojt3H VAI82i1mawILLebLYd7+0AejZV/sVZ+qR5ft4jKYEmJv5NQPLcJW+0A87WS269LAScqb VmHUlq1BeWeZ2i6/nN1a8Ze4zidq6lM21bWxJbr5Azelu1AnXi9Y83F2fr4wpDvRVmfb fe1Q== X-Gm-Message-State: AHQUAubbThUjMALWcHep5bhzCm0xuSbHMuDZkBRVe7urOlEkKz1ydiW0 ZCIBDAzk+5rF3yKh1P+ZaJ1mDgL51bYlrtNOgvTxFg== X-Google-Smtp-Source: AHgI3Ibgyc87oOKmEEMy8DjgF7NXqSpNX7DpM7oPFTFijSLYkcaiGbZZCIVVz4qp2ObzG95TmYHjHtVjzeQTMim2fso= X-Received: by 2002:a9d:3a22:: with SMTP id j31mr15813229otc.238.1549672815868; Fri, 08 Feb 2019 16:40:15 -0800 (PST) MIME-Version: 1.0 References: <87ftv3xerx.fsf@rustcorp.com.au> <87pnu6s3v5.fsf@rustcorp.com.au> <87h8fiqn1z.fsf@rustcorp.com.au> <20181214093002.p2nvfrlaycqblww3@erisian.com.au> <8736qyhsej.fsf@rustcorp.com.au> <6DE5291C-629D-4080-9B0C-E18BEFA28B16@xbt.hk> <87efaenydd.fsf@rustcorp.com.au> In-Reply-To: <87efaenydd.fsf@rustcorp.com.au> From: Pieter Wuille Date: Fri, 8 Feb 2019 16:39:54 -0800 Message-ID: To: Rusty Russell , Bitcoin Protocol Discussion Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sat, 09 Feb 2019 14:48:51 +0000 Subject: Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2019 00:40:19 -0000 On Wed, 19 Dec 2018 at 18:06, Rusty Russell via bitcoin-dev wrote: > > Meanwhile, both SIGHASH_NOINPUT and OP_MASK have the reuse-is-dangerous > property; with OP_MASK the danger is limited to reuse-on-the-same-script > (ie. if you use the same key for a non-lightning output and a lightning > output, you're safe with OP_MASK. However, this is far less likely in > practice). Having had some more time to consider this and seeing discussions about alternatives, I agree. It doesn't seem that OP_MASK protects against any likely failure modes. I do think that there are realistic risks around NOINPUT, but output tagging (as suggested in another ML thread) seems to match those much better than masking does. Cheers, -- Pieter