mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2024-12-23 15:18:11 +00:00
CH08: drop paragraph about segwit committing to input amount
This now has a well-known problem and doesn't provide the guarantees that were hoped for.
parent 61369c7206
commit 07e475583b
@ -408,17 +408,7 @@ the way the commitment hash is calculated. For segwit version 0 witness
|
|||||||
programs, signature verification occurs using an improved commitment
|
programs, signature verification occurs using an improved commitment
|
||||||
hash algorithm as specified in BIP-143.
|
hash algorithm as specified in BIP-143.
|
||||||
|
|
||||||
The new algorithm achieves two important goals. Firstly, the number of
|
The new algorithm allows the number of
|
||||||
hash operations increases by a much more gradual O(n) to the number of
|
hash operations increases by a much more gradual O(n) to the number of
|
||||||
signature operations, reducing the opportunity to create
|
signature operations, reducing the opportunity to create
|
||||||
denial-of-service attacks with overly complex transactions. Secondly,
|
denial-of-service attacks with overly complex transactions.
|
||||||
the commitment hash now also includes the value (amounts) of each input
|
|
||||||
as part of the commitment. This means that a signer can commit to a
|
|
||||||
specific input value without needing to "fetch" and check the previous
|
|
||||||
transaction referenced by the input. In the case of offline devices,
|
|
||||||
such as hardware wallets, this greatly simplifies the communication
|
|
||||||
between the host and the hardware wallet, removing the need to stream
|
|
||||||
previous transactions for validation. A hardware wallet can accept the
|
|
||||||
input value "as stated" by an untrusted host. Since the signature is
|
|
||||||
invalid if that input value is not correct, the hardware wallet doesn't
|
|
||||||
need to validate the value before signing the input.
|
|
||||||
|
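Review bot: The rewritten opening sentence, "The new algorithm allows the number of hash operations increases by a much more gradual O(n)", no longer parses after "achieves two important goals. Firstly," was replaced with "allows"; it should read "allows the number of hash operations to increase by a much more gradual O(n)", or keep the original verb structure without the "Firstly". Separately, the removed lines told readers that a hardware wallet can accept the input value "as stated" by an untrusted host, and the commit message says this has a well-known problem and does not provide the hoped-for guarantees. Dropping the paragraph silently leaves readers of earlier text with that belief uncorrected, so consider keeping one sentence that says the commitment hash includes input amounts and that this alone should not be relied on to skip validating the value before signing.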