[bitcoin-dev] Disallow insecure use of SIGHASH_SINGLE

Chris Stewart chris at suredbits.com
Wed Jun 6 00:17:52 UTC 2018

Do you have any thoughts on expanding this to SIGHASH_NONE? Perhaps someone
else on the dev list can enlighten me, but is there a current use case for
SIGHASH_NONE that would suffer from it being non standard?


On Thu, May 31, 2018 at 1:53 PM, Johnson Lau via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:

> I’ve made a PR to add a new policy to disallow using SIGHASH_SINGLE
> without matched output:
> https://github.com/bitcoin/bitcoin/pull/13360
> Signature of this form is insecure, as it commits to no output while users
> might think it commits to one. It is even worse in non-segwit scripts,
> which is effectively SIGHASH_NOINPUT|SIGHASH_NONE, so any UTXO of the same
> key could be stolen. (It’s restricted to only one UTXO in segwit, but it’s
> still like a SIGHASH_NONE.)
> This is one of the earliest unintended consensus behavior. Since these
> signatures are inherently unsafe, I think it does no harm to disable this
> unintended “feature” with a softfork. But since these signatures are
> currently allowed, the first step is to make them non-standard.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180605/090a210f/attachment-0001.html>

More information about the bitcoin-dev mailing list