Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-02 Thread Anthony Towns via bitcoin-dev
On Fri, May 01, 2020 at 08:23:07AM -0400, Russell O'Connor wrote: > Regarding specifics, I personally think it would be better to keep the > hashes of the ScriptPubKeys separate from the hashes of the input values. I think Andrew's original suggestion achieves this: >> The obvious way to

Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-02 Thread David A. Harding via bitcoin-dev
On Wed, Apr 29, 2020 at 04:57:46PM +0200, Andrew Kozlik via bitcoin-dev wrote: > In order to ascertain non-ownership of an input which is claimed to be > external, the wallet needs the scriptPubKey of the previous output spent by > this input. A wallet can easily check whether a scriptPubKey

Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-02 Thread Russell O'Connor via bitcoin-dev
> If you didn't verify the output scriptPubKeys, you would *only* be able > to care about fees since you couldn't verify where any of the funds went? > And you'd only be able to say fees are "at least x", since they could be > more if one of the scriptPubKeys turned out to be OP_TRUE eg. That

Re: [bitcoin-dev] BIP-341: Committing to all scriptPubKeys in the signature message

2020-05-02 Thread Russell O'Connor via bitcoin-dev
On Sat, May 2, 2020 at 10:26 AM Anthony Towns wrote: > > except that we'd arguably still be missing: > > is this a coinbase output? (Coin.fCoinBase) > what was the height of the coin? (Coin.nHeight) > > Maybe committing to the coinbase flag would have some use, but committing > to the