[bitcoin-dev] Generalised Replay Protection for Future Hard Forks
sjors at sprovoost.nl
Thu Nov 9 21:01:10 UTC 2017
> Op 9 nov. 2017, om 21:45 heeft Jacob Eliosoff via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> het volgende geschreven:
> As I understand you, a private key in cold storage would (of course) remain valid across HFs, but an address would be valid only for the nForkId it was generated for. There may be cold-storage-type cases where it's important for an address to be valid across all chains, ie, to intentionally allow replay? But I guess this could just be a special nForkId value, say -1?
If I understand the proposal correctly, you can always spend coins; it's the next transaction that is replay protected.
I like the idea of specifying the fork in bech32 . On the other hand, the standard already has a human readable part. Perhaps the human readable part can be used as the fork id?
Note that in your currently proposal nForkId is only in the transaction signature pre-image. It's not in the serialized transaction, so a node would just have to try to see if the signature is valid. I don't know if that's a problem.
Can you clarify what you mean with:
> Allowing signatures with `nForkId=1` can be achieved with a soft fork by incrementing the script version of SegWit, making this a fully backwards compatible change.
What's the purpose of nForkId 1?
> potentially a way to opt-out of replay protection of any fork, where deemed necessary (can be beneficial for some L2 applications).
Can you give an example of where this opt-out would be useful? Why wouldn't it be enough to just sign one transaction for each fork?
In Spoonnet, the version number is added to the SIGHASH_TYPE in the pre-image. Your solution of just adding another field seems easier, but maybe there's a downside?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: Message signed with OpenPGP
More information about the bitcoin-dev