[Lightning-dev] [bitcoin-dev] BIP sighash_noinput

DING FENG dingfeng12345 at gmail.com
Wed Jul 11 04:37:27 UTC 2018


Hi,

I'm a junior developer and a bitcoin user.
And I have read this thread carefully.

I'm very worried about "SIGHASH_NOINPUT".

Because "SIGHASH_NOINPUT" looks like it will be widely used, and it makes
address reuse more dangerous.
Now, most donation addresses (even bitcointalk.org's and bitcoin.org's) are
used as reused addresses, and fans continually send bitcoins to these addresses.
So, if a user imports his address (keys, seeds) into one of the
"SIGHASH_NOINPUT"-enabled Bitcoin/LN wallets and signs a Tx, this will make
his donation address disabled immediately, and it will continue to lose coins
in the future (although the input amount is included by the SIGHASH_NOINPUT
signature).


"SIGHASH_NONE" only influences the current coin in the single Tx, and maybe
no wallet implements it.
"SIGHASH_NOINPUT" influences the whole wallet and future coins, and
"SIGHASH_NOINPUT" is intended to be widely used in Bitcoin/LN wallets.

"SIGHASH_NOINPUT" looks more like giving away my signature right (like
releasing my private key; I know that there is an exchange of private keys
operation in LN).
Other SIGHASH flags just give away my designated coins.


Although address reuse is not perfectly safe, it can be used and in fact is
widely used.
So, I think "SIGHASH_NOINPUT" may put a lot of users at risk.



2018-07-03 20:13 GMT+08:00 Luke Dashjr <luke at dashjr.org>:

> On Monday 02 July 2018 18:11:54 Gregory Maxwell wrote:
> > I know it seems kind of silly, but I think it's somewhat important
> > that the formal name of this flag is something like
> > "SIGHASH_REPLAY_VULNERABLE" or likewise or at least
> > "SIGHASH_WEAK_REPLAYABLE". This is because noinput is materially
> > insecure for traditional applications where a third party might pay to
> > an address a second time, and should only be used in special protocols
> > which make that kind of mistake unlikely.
>
> I don't agree. Address reuse is undefined behaviour. Nobody should assume
> it is safe or works.
>
> I intend to possibly use SIGHASH_NOINPUT for ordinary Bitcoin transactions
> in a wallet I am writing, which explicitly does not support address reuse.
>
> Luke



-- 


Mob: +86-18667916176
Email:dingfeng12345 at gmail.com
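
Added example, not part of the original message or of the BIP: a simplified Python model of the replay concern discussed in this thread, showing which other coins at a reused address the same signature digest would also cover. The digest layout, the flag constant, the address placeholder and all UTXO values are assumptions constructed for illustration.

```python
import hashlib
import struct

SIGHASH_ALL = 0x01
SIGHASH_NOINPUT = 0x40  # assumed flag value, used only inside this model

def digest(utxo, outputs, sighash_type):
    """Toy signature digest; the field layout is an assumption, not the BIP's."""
    h = hashlib.sha256(struct.pack("<B", sighash_type))
    if sighash_type != SIGHASH_NOINPUT:
        # Ordinary signing commits to the exact coin (txid, output index).
        h.update(bytes.fromhex(utxo["txid"]) + struct.pack("<I", utxo["vout"]))
    # The input amount is committed in both modes, as the message notes.
    h.update(struct.pack("<Q", utxo["amount"]))
    for script, value in outputs:
        h.update(struct.pack("<Q", value) + script)
    return h.hexdigest()

def also_covered(signed_utxo, outputs, sighash_type, utxos):
    """Other coins of the same key for which the same signature would verify."""
    signed = digest(signed_utxo, outputs, sighash_type)
    return [u for u in utxos
            if u is not signed_utxo
            and u["address"] == signed_utxo["address"]
            and digest(u, outputs, sighash_type) == signed]

# Constructed sample data: three payments to one reused donation address.
ADDR = "donation-address-placeholder"
UTXOS = [
    {"txid": "aa" * 32, "vout": 0, "amount": 50_000, "address": ADDR},
    {"txid": "bb" * 32, "vout": 1, "amount": 50_000, "address": ADDR},
    {"txid": "cc" * 32, "vout": 0, "amount": 70_000, "address": ADDR},
]
OUTPUTS = [(b"\x00\x14" + b"\x11" * 20, 49_000)]  # constructed spend output

if __name__ == "__main__":
    for name, flag in (("ALL", SIGHASH_ALL), ("NOINPUT", SIGHASH_NOINPUT)):
        hits = also_covered(UTXOS[0], OUTPUTS, flag, UTXOS)
        print(name, "signature also covers:", [u["txid"][:8] for u in hits])
```

A wallet could run a check of this shape before signing and refuse the NOINPUT-style flag whenever the key has, or may later receive, more than one coin.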