[bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT
rusty at rustcorp.com.au
Wed Dec 12 09:42:10 UTC 2018
Pieter Wuille via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> writes:
> Here is a combined proposal:
> * Three new sighash flags are added: SIGHASH_NOINPUT, SIGHASH_NOFEE,
> and SIGHASH_SCRIPTMASK.
> * A new opcode OP_MASK is added, which acts as a NOP during execution.
> * The sighash is computed like in BIP143, but:
> * If SIGHASH_SCRIPTMASK is present, for every OP_MASK in scriptCode
> the subsequent opcode/push is removed.
I'm asking on-list because I'm sure I'm not the only confused one.
Having the SIGHASH_SCRIPTMASK flag is redundant AFAICT: why not always
perform mask-removal for signing?
If you're signing arbitrary scripts, you're surely in trouble already?
And I am struggling to understand the role of scriptmask in a taproot
world, where the alternate script is both hidden and general?
I look forward to learning what I missed!
More information about the bitcoin-dev