Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E8DD0CDB; Mon, 9 Jul 2018 09:41:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from outmail149075.authsmtp.net (outmail149075.authsmtp.net [62.13.149.75]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 496AF76E; Mon, 9 Jul 2018 09:41:44 +0000 (UTC) Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247]) by punt20.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w699fgr2048171; Mon, 9 Jul 2018 10:41:42 +0100 (BST) (envelope-from user@petertodd.org) Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com [52.5.185.120]) (authenticated bits=0) by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w699feHk077082 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 9 Jul 2018 10:41:41 +0100 (BST) (envelope-from user@petertodd.org) Received: from [127.0.0.1] (localhost [127.0.0.1]) by petertodd.org (Postfix) with ESMTPSA id ECD0640009; Mon, 9 Jul 2018 09:41:39 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id DDB2E2117B; Mon, 9 Jul 2018 05:41:39 -0400 (EDT) Date: Mon, 9 Jul 2018 05:41:39 -0400 From: Peter Todd To: Gregory Maxwell Message-ID: <20180709094139.wip4xqecjdjkqmjn@petertodd.org> References: <871sewirni.fsf@gmail.com> <87y3esvrvu.fsf@rustcorp.com.au> <20180703052100.gtjdverh5irfokrp@petertodd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3alkjvtgidj35tem" Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) X-Server-Quench: 48f93327-835c-11e8-9efd-0015176ca198 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZIVwkA IjsJECJaVQIpKltL GxAVKBZePFsRUQkR bwdMdgsUEkAYAgsB Am4bWlReVFx7XWI7 bghPaBtcak9QXgdq T0pMXVMcUwNhCEpU fkUeVR5yfwcIeXtw Z0MsWngNVUd5d0Fg Sk1RRnAHZDJodWlK BhRFdwNVdQJNeEwU a1l3GhFYa3VsNCMk FAgyOXU9MCtqYA50 ekkWLF0SSF0LKTg7 RhYaAClH X-Authentic-SMTP: 61633532353630.1038:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 52.5.185.120/25 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion , lightning-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] BIP sighash_noinput X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jul 2018 09:41:46 -0000 --3alkjvtgidj35tem Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 03, 2018 at 11:45:22PM +0000, Gregory Maxwell wrote: > On Tue, Jul 3, 2018 at 5:21 AM, Peter Todd wrote: > > The problem with that name is `SIGHASH_REUSE_VULNERABLE` tells you noth= ing > > about what the flag actually does. >=20 > I believe that making the signature replayable is 1:1 with omitting > the identification of the specific coin being spent from it. I think you have a good point there. But that's not the only way that reuse could be a vulnerability: consider hash-based signatures. I'm happy with adding a suffix or prefix to the term SIGHASH_NOINPUT, e.g. SIGHASH_NOINPUT_UNSAFE to re-use Rust terminology. --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --3alkjvtgidj35tem Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAltDLcwACgkQLly11TVR Lzfs8xAAkiB5Gx5Ug4klCmGcQTQHCAx4Pd/17XK8Grn8hE9z/zA1BjewWRpACwfJ iuT8YMe6havY1oQQ0qf7wxn3hbvXip0cGTXXxuY0+hshM+o1khbYWUMUG7E+D1K7 LIpJ0fVm7shmPwXwTnJtvuAEqbjbWIh4p32KNSIIR/wu3k2xbK8DvFLibtApOeGt YR/FEqOcfVHjGVEPwXKlz5DG5xVPAr5+zfrdydnehELcJx+hZWgwlUS5VGaz+VH9 S5liZX+G9iK92sEq2vws4GcDcteAkhf4lq+Dc9aci3PgkcZcrXxZsrKjS6jvslQh Pf+jfgwvWYgnX9i6KnAs3rdyXs/OVvhy3pt+1iyGJAAFI93llPViL1GLaMXjvJ26 6mwH/fH4ZSHR/ILeROnJV5aNE2EfUPxcukGYD8/YJ1Hd3uhGHOiUzYckPMVbhmr8 2WcatAssb3rv4CgIft8oZ8NcEIHFYcQKLJ8odDItXXZn3CjuhWR6N8x95ZUTYKZq MUCPvMcYsdmIjDQYz8SF3ok2MhSiqZkTqtFMOgUV4fy43POXOntSvY3oyArdnx4f z+vQke+rabiWqtzFm5UaFnSiDEgG7i/LONRcciEo2+UENRKq/zf2aYhtGbACK5cR wNcoyUrp2gG1MF5vISDp2MiQyWZ2NhUcqiB0AwYXWzflqhWWa1o= =2TVe -----END PGP SIGNATURE----- --3alkjvtgidj35tem--