mirror of
https://github.com/bitcoinbook/bitcoinbook
synced 2024-12-23 15:18:11 +00:00
CH08: drop paragraph about segwit commiting to input amount
This now has a well-known problem and doesn't provide the guarantees that were hoped for.
This commit is contained in:
parent
61369c7206
commit
07e475583b
@ -408,17 +408,7 @@ the way the commitment hash is calculated. For segwit version 0 witness
|
||||
programs, signature verification occurs using an improved commitment
|
||||
hash algorithm as specified in BIP-143.
|
||||
|
||||
The new algorithm achieves two important goals. Firstly, the number of
|
||||
The new algorithm allows the number of
|
||||
hash operations increases by a much more gradual O(n) to the number of
|
||||
signature operations, reducing the opportunity to create
|
||||
denial-of-service attacks with overly complex transactions. Secondly,
|
||||
the commitment hash now also includes the value (amounts) of each input
|
||||
as part of the commitment. This means that a signer can commit to a
|
||||
specific input value without needing to "fetch" and check the previous
|
||||
transaction referenced by the input. In the case of offline devices,
|
||||
such as hardware wallets, this greatly simplifies the communication
|
||||
between the host and the hardware wallet, removing the need to stream
|
||||
previous transactions for validation. A hardware wallet can accept the
|
||||
input value "as stated" by an untrusted host. Since the signature is
|
||||
invalid if that input value is not correct, the hardware wallet doesn't
|
||||
need to validate the value before signing the input.
|
||||
denial-of-service attacks with overly complex transactions.
|
||||
|
Loading…
Reference in New Issue
Block a user