> On 12 Dec 2018, at 5:42 PM, Rusty Russell via bitcoin-dev 
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> Pieter Wuille via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> writes:
>> Here is a combined proposal:
>> * Three new sighash flags are added: SIGHASH_NOINPUT, SIGHASH_NOFEE,
>> and SIGHASH_SCRIPTMASK.
>> * A new opcode OP_MASK is added, which acts as a NOP during execution.
>> * The sighash is computed like in BIP143, but:
>>  * If SIGHASH_SCRIPTMASK is present, for every OP_MASK in scriptCode
>> the subsequent opcode/push is removed.
> 
> I'm asking on-list because I'm sure I'm not the only confused one.
> 
> Having the SIGHASH_SCRIPTMASK flag is redundant AFAICT: why not always
> perform mask-removal for signing?

Because a hardware wallet may want to know what exact script it is signing?

Masked script has reduced security, but this is a tradeoff with functionality 
(e.g. eltoo can’t work without masking part of the script). So when you don’t 
need that extra functionality, you go back to better security

However, I’m not sure if there is any useful NOINPUT case with unmasked script.

> 
> If you're signing arbitrary scripts, you're surely in trouble already?
> 
> And I am struggling to understand the role of scriptmask in a taproot
> world, where the alternate script is both hidden and general?

It makes sure that your signature is applicable to a specific script branch, 
not others (assuming you use the same pubkey in many branches, which is 
avoidable)

> 
> I look forward to learning what I missed!
> Rusty.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Reply via email to