[bitcoin-dev] Generalised Replay Protection for Future Hard Forks

Sjors Provoost sjors at sprovoost.nl
Thu Nov 9 21:01:10 UTC 2017

> Op 9 nov. 2017, om 21:45 heeft Jacob Eliosoff via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> het volgende geschreven:
> As I understand you, a private key in cold storage would (of course) remain valid across HFs, but an address would be valid only for the nForkId it was generated for.  There may be cold-storage-type cases where it's important for an address to be valid across all chains, ie, to intentionally allow replay?  But I guess this could just be a special nForkId value, say -1?

If I understand the proposal correctly, you can always spend coins; it's the next transaction that is replay protected.

I like the idea of specifying the fork in bech32 [0]. On the other hand, the standard already has a human readable part. Perhaps the human readable part can be used as the fork id?

Note that in your currently proposal nForkId is only in the transaction signature pre-image. It's not in the serialized transaction, so a node would just have to try to see if the signature is valid. I don't know if that's a problem.

Can you clarify what you mean with:
> Allowing signatures with `nForkId=1` can be achieved with a soft fork by incrementing the script version of SegWit, making this a fully backwards compatible change.

What's the purpose of nForkId 1?

>  potentially a way to opt-out of replay protection of any fork, where deemed necessary (can be beneficial for some L2 applications).

Can you give an example of where this opt-out would be useful? Why wouldn't it be enough to just sign one transaction for each fork?

In Spoonnet, the version number is added to the SIGHASH_TYPE in the pre-image. Your solution of just adding another field seems easier, but maybe there's a downside?


[0] https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#Bech32
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20171109/e5a52b05/attachment.sig>

More information about the bitcoin-dev mailing list