[Bitcoin-development] Build your own nHashType

Mike Hearn mike at plan99.net
Thu Apr 9 14:45:35 UTC 2015

> I don't think it's quite a blank check, but it would enable replay attacks
> in the form of sending the money to the same place it was sent before if an
> address ever receives coins again.

Right, good point. I wonder if this sort of auto forwarding could even be a
useful feature. I can't think of one right now.

> It's hard, though, because there is different data needs to be signed for
> each input.

Yes but is that fundamental or is there a way to avoid it? That's what I'm
getting at.

> Another possibility would be to put the previous scriptPubKey and previous
> output value at the END of the serialized transaction, so that you could
> make use of some sort of a signature hash midstate.

Interesting idea! I don't agree it's messy. If anything it should be
simpler than what we have today - the need to edit a transaction *in the
middle* means that sighash computation involves constantly reserializing a
transaction before it even gets to be hashed.

> Is hashing transaction data once for each input really a huge bottleneck,
> though? Do mobile devices have an issue with this?

Consider what happens with very large transactions, like a big assurance
contract that might have thousands of inputs and be multiple megabytes in
size. Obviously such large transactions cannot happen today, but there is
user demand for giant contracts (or at least, users tell me there is,
whether they'd actually do it for real is a bit unclear).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150409/faa89170/attachment.html>

More information about the bitcoin-dev mailing list