public inbox for bitcoindev@googlegroups.com
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: DING FENG <dingfeng12345@gmail.com>
Cc: Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>,
	"lightning-dev@lists.linuxfoundation.org"
	<lightning-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Lightning-dev]  BIP sighash_noinput
Date: Wed, 11 Jul 2018 03:43:49 -0400
Message-ID: <xF57z5lmJtHRanRFykpwT4mFSGhTYFPYEOurYulBDMpb7SNeqVliqfDHPjYl5LEFs2hP_zuOKbbh0yU8li5GTcbJfrDhR3Ez734-2qLwL2Y=@protonmail.com>
In-Reply-To: <CAK_c0Xo0G9-YiOGZK_8WsYNkzjQRaH+u7XOUAozKosggXeXTNg@mail.gmail.com>

Good morning DING FENG,

While your concern is valid, the general intent is the below:

1.  We will use a scary name like SIGHASH_NOINPUT_UNSAFE to explicitly inform wallet and Bitcoin software developers that the flag is potentially unsafe.
2.  SIGHASH_NOINPUT_UNSAFE is intended to be used for specialty protocols like LN, CoinSwap, etc. and not for general-purpose user wallets (except for Luke Dashjr's wallet, which explicitly rejects address reuse).  By default, this flag is not set and address reuse is still slightly safe for common usage, modulo other bugs in the implementation such as weak generation of random R (which are already existing concerns for SIGHASH_ALL).
2.1.  Even for LN/CoinSwap/etc., SIGHASH_NOINPUT_UNSAFE will be used only in the exact specialty protocol, and not e.g. for general wallet usage.

Regards,
ZmnSCPxj

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On July 11, 2018 12:37 PM, DING FENG <dingfeng12345@gmail.com> wrote:

> Hi,
>
> I'm a junior developer and a bitcoin user.
> And I have read this thread carefully.
>
> I'm very worried about "SIGHASH_NOINPUT".
>
> Because "SIGHASH_NOINPUT" looks like it will be widely used, and it makes address reuse more dangerous.
> Now, most donation addresses (even bitcointalk.org and bitcoin.org) are reused addresses, and fans continually send bitcoins to these addresses.
> So, if a user imports his address (keys, seeds) into one of the "SIGHASH_NOINPUT"-enabled Bitcoin/LN wallets and signs a Tx, this will make his donation address disabled immediately and it will continue to lose coins in the future (although the input amount is included by the SIGHASH_NOINPUT signature).
>
> "SIGHASH_NONE" only influences the current coin in the single Tx, and maybe no wallet implements it.
> "SIGHASH_NOINPUT" influences the whole wallet and future coins, and "SIGHASH_NOINPUT" is intended to be widely used in Bitcoin/LN wallets.
>
> "SIGHASH_NOINPUT" looks more like giving away my signature right (like releasing my private key; I know that there is an exchange of private keys operation in LN).
> Other SIGHASH flags just give away my designated coins.
>
> Although address reuse is not perfectly safe, it can be used and is in fact widely used.
> So, I think "SIGHASH_NOINPUT" may put a lot of users at risk.
>
> 2018-07-03 20:13 GMT+08:00 Luke Dashjr <luke@dashjr.org>:
>
>> On Monday 02 July 2018 18:11:54 Gregory Maxwell wrote:
>>> I know it seems kind of silly, but I think it's somewhat important
>>> that the formal name of this flag is something like
>>> "SIGHASH_REPLAY_VULNERABLE" or likewise or at least
>>> "SIGHASH_WEAK_REPLAYABLE". This is because noinput is materially
>>> insecure for traditional applications where a third party might pay to
>>> an address a second time, and should only be used in special protocols
>>> which make that kind of mistake unlikely.
>>
>> I don't agree. Address reuse is undefined behaviour. Nobody should assume it
>> is safe or works.
>>
>> I intend to possibly use SIGHASH_NOINPUT for ordinary Bitcoin transactions in
>> a wallet I am writing, which explicitly does not support address reuse.
>>
>> Luke
>
> --
>
> Mob: +86-18667916176
>
> Email:dingfeng12345@gmail.com
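
The replay concern discussed in this thread, as an added illustration that is not part of either message: a toy digest model showing which other coins on a reused address one signature would also cover, depending on whether the digest commits to the outpoint. The digest layout, the names `Utxo`, `digest`, `exposed` and all sample values are constructed for this example and are not the BIP's actual serialization.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Utxo:
    txid: str    # constructed sample id, not a real transaction
    vout: int
    script: str  # stands in for the scriptPubKey / address (and its key)
    amount: int  # satoshis

def digest(utxo, outputs, mode):
    """Toy signature digest (assumed layout, for illustration only).

    "ALL" commits to the outpoint being spent; "NOINPUT" leaves the
    outpoint out but still commits to the input amount and the outputs.
    """
    h = hashlib.sha256()
    if mode == "ALL":
        h.update(f"{utxo.txid}:{utxo.vout}|{utxo.script}|".encode())
    elif mode != "NOINPUT":
        raise ValueError(f"unknown mode: {mode}")
    h.update(f"{utxo.amount}|{outputs}|{mode}".encode())
    return h.hexdigest()

def exposed(signed, utxo_set, outputs, mode):
    """Other coins for which a signature made over `signed` would also verify.

    The signature is bound to one key, so only coins locked to the same
    script can match; beyond that, the digests must be identical.
    """
    d = digest(signed, outputs, mode)
    return [u for u in utxo_set
            if u != signed
            and u.script == signed.script
            and digest(u, outputs, mode) == d]

# Constructed sample: a reused donation address plus one unrelated address.
UTXOS = [
    Utxo("aa" * 32, 0, "donation-addr", 50_000),  # the coin the owner signs for
    Utxo("bb" * 32, 1, "donation-addr", 50_000),  # later donation, same amount
    Utxo("cc" * 32, 0, "donation-addr", 70_000),  # later donation, other amount
    Utxo("dd" * 32, 0, "other-addr", 50_000),     # different key
]
OUTPUTS = "payee:49000"  # constructed output list of the signed transaction

if __name__ == "__main__":
    for mode in ("ALL", "NOINPUT"):
        print(mode, [u.txid[:4] for u in exposed(UTXOS[0], UTXOS, OUTPUTS, mode)])
```

In this model the amount commitment narrows the exposure to later payments of the same value to the same address; it does not remove it.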
