Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-01 Thread Jeremy via bitcoin-dev
Hi Andrew, If you use SIGHASH_ALL it shall sign the COutPoints of all inputs which commit to the scriptPubKeys of the txn. Thus the 341 hash doesn't need to sign any additional data. As a metadata protocol you can provide all input transactions to check the scriptPubKeys. Best, Jeremy --

Re: [bitcoin-dev] Fwd: (Semi)Traceless 2-party coinjoin off-chain protocol using schnorr signatures

2020-05-01 Thread ZmnSCPxj via bitcoin-dev
Good morning CB, > > This "as long as the inputs that should be separate are not co-spent" is > > precisely what mixdepths protect against, which is why I think some kind of > > mixdepth facility will still matter in CoinSwap. > > Still, you have convinced me that, for the purpose of

Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-01 Thread Russell O'Connor via bitcoin-dev
While I'm not entirely convinced yet that accertaining non-ownership of an input is a robust method of solving the problem here, I also see little reason not to amend BIP-341 as proposed. The ScriptPubKeys in question is already indirectly covered through the outpoints, so it is just a matter of

Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-01 Thread Andrew Kozlik via bitcoin-dev
Hi Jeremy, What you are saying is correct and I am not disputing that there is sufficient cryptographic commitment in the signature message. As I tried to explain, my proposal is about avoiding the need for the metadata protocol you speak of. Avoiding such a protocol has been a design goal in

Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-01 Thread Greg Sanders via bitcoin-dev
For what it's worth this measure had been discussed as a lightweight way of informing offline signers if inputs were segwit or not for malleability analysis reasons. So there's at least a couple direct use-cases it seems. On Fri, May 1, 2020, 8:23 AM Russell O'Connor via bitcoin-dev <

Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-01 Thread Jeremy via bitcoin-dev
At the end of the day I don't really care that much I just prefer something that doesn't throw taproot in for another review cycle. A side effect of this proposal is it would seem to make it not possible to produce a signature for a transaction without having access to the inputs. This is