Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT

2018-12-20 Thread Johnson Lau via bitcoin-dev
> On 17 Dec 2018, at 11:10 AM, Rusty Russell wrote: > > Johnson Lau writes: >> I don’t think this has been mentioned: without signing the script or masked >> script, OP_CODESEPARATOR becomes unusable or insecure with NOINPUT. >> >> In the new sighash proposal, we will sign the hash of the

Re: [bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT

2018-12-20 Thread Rusty Russell via bitcoin-dev
Johnson Lau writes: >> On 17 Dec 2018, at 11:10 AM, Rusty Russell wrote: >> My anti-complexity argument leads me to ask why we'd support >> OP_CODESEPARATOR at all? Though my argument is weaker here: no wallet >> need support it. > > Because it could make scripts more compact in some cases? >

Re: [bitcoin-dev] Safer NOINPUT with output tagging

2018-12-20 Thread Johnson Lau via bitcoin-dev
> On 21 Dec 2018, at 1:20 AM, Christian Decker > wrote: > > Johnson Lau writes: >> Correct me if I’m wrong. >> >> For the sake of simplicity, in the following I assume BIP118, 143, and >> 141-P2WSH are used (i.e. no taproot). Also, I skipped all the possible >> optimisations. >> >> 1. A

Re: [bitcoin-dev] Safer NOINPUT with output tagging

2018-12-20 Thread Christian Decker via bitcoin-dev
Johnson Lau writes: > Correct me if I’m wrong. > > For the sake of simplicity, in the following I assume BIP118, 143, and > 141-P2WSH are used (i.e. no taproot). Also, I skipped all the possible > optimisations. > > 1. A and B are going to setup a channel. > > 2. They create one setup tx, with a

Re: [bitcoin-dev] Safer NOINPUT with output tagging

2018-12-20 Thread Johnson Lau via bitcoin-dev
> On 20 Dec 2018, at 6:09 AM, Christian Decker > wrote: > > Ruben Somsen via bitcoin-dev > > writes: > >> Hi Johnson, >> >> The design considerations here seem similar to the ML discussion of >> whether Graftroot should be optional [1]. >> >>>

Re: [bitcoin-dev] Safer NOINPUT with output tagging

2018-12-20 Thread Christian Decker via bitcoin-dev
Ruben Somsen via bitcoin-dev writes: > Hi Johnson, > > The design considerations here seem similar to the ML discussion of > whether Graftroot should be optional [1]. > >>While this seems fully compatible with eltoo, is there any other proposals >>require NOINPUT, and is adversely affected by