On Thu, May 31, 2018 at 2:35 PM, Johnson Lau via bitcoin-dev < firstname.lastname@example.org> wrote:
> > Double SHA256 of the serialization of:
>

Should we replace the Double SHA256 with a Single SHA256? There is no possible length extension attack here. Or are we speculating that there is a robustness of Double SHA256 in the presence of SHA256 breaking?

I suggest putting `sigversion` at the beginning instead of the end of the format. Because its value is constant, the beginning of the SHA-256 computation could be pre-computed in advance. Furthermore, if we make the `sigversion` exactly 64 bytes long then the entire first block of the SHA-256 compression function could be pre-computed.

Can we add CHECKSIGFROMSTACK or do you think that would go into a separate BIP?