[bitcoin-dev] Continuing the discussion about noinput / anyprevout

[s7r]

Anthony Towns via bitcoin-dev wrote:
[SNIP]
> 
> My thinking at the moment (subject to change!) is:
> 
>  * anyprevout signatures make the address you're signing for less safe,
>    which may cause you to lose funds when additional coins are sent to
>    the same address; this can be avoided if handled with care (or if you
>    don't care about losing funds in the event of address reuse)
> 

It's not necessarily like this. Address re-use is many times OUTSIDE the
control of the address owner. Say I give my address to a counterparty.
They send me a transaction which I successfully spend. So far so good.

After that, I have no control over that counterparty. If they decide to
re-use that address, it does not mean I wanted to re-use it and it also
does not mean that I don't care about those funds being lost.

This could create a lot of problems in the industry and I think it
should be avoided. Address re-use has been strongly discouraged ever
since I can remember, and all (proper) wallet implementations try as
hard as possible to enforce it, but it's not always possible. A
counterparty that decides to re-use an address, either accidentally or
not, is not under the control of the user who handed out the address in
the first place.

There are also a lot of use cases with P2SH addresses that are some
smart contracts particularly designed to be re-used multiple times over
time.

My 2 cents are that this is not a good way to go. If you try to index
the entire blockchain until now you'll see that address re-use is more
common than we'd want it to be and there's no clear way to prevent this
from further happening without hurting the economic interests of the users.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20191002/282e8910/attachment.sig>