1
0
mirror of https://github.com/bitcoinbook/bitcoinbook synced 2024-12-23 15:18:11 +00:00

CH08: drop paragraph about segwit commiting to input amount

This now has a well-known problem and doesn't provide the guarantees
that were hoped for.
This commit is contained in:
David A. Harding 2023-04-08 10:58:26 -10:00
parent 61369c7206
commit 07e475583b

View File

@ -408,17 +408,7 @@ the way the commitment hash is calculated. For segwit version 0 witness
programs, signature verification occurs using an improved commitment programs, signature verification occurs using an improved commitment
hash algorithm as specified in BIP-143. hash algorithm as specified in BIP-143.
The new algorithm achieves two important goals. Firstly, the number of The new algorithm allows the number of
hash operations increases by a much more gradual O(n) to the number of hash operations increases by a much more gradual O(n) to the number of
signature operations, reducing the opportunity to create signature operations, reducing the opportunity to create
denial-of-service attacks with overly complex transactions. Secondly, denial-of-service attacks with overly complex transactions.
the commitment hash now also includes the value (amounts) of each input
as part of the commitment. This means that a signer can commit to a
specific input value without needing to "fetch" and check the previous
transaction referenced by the input. In the case of offline devices,
such as hardware wallets, this greatly simplifies the communication
between the host and the hardware wallet, removing the need to stream
previous transactions for validation. A hardware wallet can accept the
input value "as stated" by an untrusted host. Since the signature is
invalid if that input value is not correct, the hardware wallet doesn't
need to validate the value before signing the input.