[bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT

Rusty Russell rusty at rustcorp.com.au
Wed Dec 12 09:42:10 UTC 2018

Pieter Wuille via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> writes:
> Here is a combined proposal:
> * Three new sighash flags are added: SIGHASH_NOINPUT, SIGHASH_NOFEE,
> * A new opcode OP_MASK is added, which acts as a NOP during execution.
> * The sighash is computed like in BIP143, but:
>   * If SIGHASH_SCRIPTMASK is present, for every OP_MASK in scriptCode
> the subsequent opcode/push is removed.

I'm asking on-list because I'm sure I'm not the only confused one.

Having the SIGHASH_SCRIPTMASK flag is redundant AFAICT: why not always
perform mask-removal for signing?

If you're signing arbitrary scripts, you're surely in trouble already?

And I am struggling to understand the role of scriptmask in a taproot
world, where the alternate script is both hidden and general?

I look forward to learning what I missed!
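
The mask-removal step from the quoted proposal ("for every OP_MASK in scriptCode the subsequent opcode/push is removed"), as an added example that is not part of the original message or of any proposal code. The byte value used for OP_MASK and the decision to reject a trailing OP_MASK are assumptions of this sketch; the push encodings are the standard Bitcoin script ones.

```python
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4c, 0x4d, 0x4e
OP_MASK = 0xb3  # ASSUMPTION: placeholder byte; the quoted text assigns no value


def next_element(script: bytes, pos: int) -> int:
    """Return the offset just past the opcode or push that starts at pos."""
    if pos >= len(script):
        # ASSUMPTION: a trailing OP_MASK with nothing after it is rejected here.
        raise ValueError("script ends where an element was expected")
    op = script[pos]
    pos += 1
    if op < OP_PUSHDATA1:            # direct push of `op` bytes (0 = empty push)
        size = op
    elif op <= OP_PUSHDATA4:         # 1-, 2- or 4-byte little-endian length prefix
        width = 1 << (op - OP_PUSHDATA1)
        if pos + width > len(script):
            raise ValueError("truncated push length")
        size = int.from_bytes(script[pos:pos + width], "little")
        pos += width
    else:                            # every other opcode is a single byte
        size = 0
    if pos + size > len(script):
        raise ValueError("truncated push data")
    return pos + size


def mask_script_code(script: bytes) -> bytes:
    """Keep each OP_MASK, drop the single opcode/push that follows it."""
    out = bytearray()
    pos = 0
    while pos < len(script):
        end = next_element(script, pos)
        out += script[pos:end]
        if script[pos] == OP_MASK:   # only a real opcode, never a byte inside a push
            end = next_element(script, end)
        pos = end
    return bytes(out)


# Constructed samples: two scripts that differ only in the masked push.
SCRIPT_A = bytes([OP_MASK, 0x02, 0xaa, 0xbb, 0xac])
SCRIPT_B = bytes([OP_MASK, 0x03, 0x01, 0x02, 0x03, 0xac])

if __name__ == "__main__":
    print(mask_script_code(SCRIPT_A).hex(), mask_script_code(SCRIPT_B).hex())
```

Both samples reduce to the same bytes, so a sighash computed over the masked scriptCode does not commit to the element that followed OP_MASK.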
