diff options
| author | Peter Todd <pete@petertodd.org> | 2015-01-09 05:41:42 -0500 |
|---|---|---|
| committer | Peter Todd <pete@petertodd.org> | 2015-01-09 05:41:42 -0500 |
| commit | cea602ef6c9b68483a696c3358f010f46915afe4 (patch) | |
| tree | 68272ee591566408885c9d89250d40d996a36445 /bip-0062.mediawiki | |
| parent | fbc7e6778334519f65741a0ec916c7b419d449f6 (diff) | |
| download | bips-cea602ef6c9b68483a696c3358f010f46915afe4.tar.xz | |
BIP62: Make OP_0 a validly encoded signature
Previously BIP62 did not provide a compact way to delibrately encode an
invalid signature. For example in BIP19 if m != n with this change you
can provide compact OP_0's in the scriptSig rather than lengthy
DER-encoded signatures.
Note that we may want to further expand on this change in the future by
saying that only OP_0 is a "valid" invalid signature; BIP19 even with
this change is inherently malleable as the invalid signatures can be any
validly encoded DER signature.
Diffstat (limited to 'bip-0062.mediawiki')
| -rw-r--r-- | bip-0062.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-0062.mediawiki b/bip-0062.mediawiki index 4e5653b..98086dd 100644 --- a/bip-0062.mediawiki +++ b/bip-0062.mediawiki @@ -38,7 +38,7 @@ The first six and part of the seventh can be fixed by extra consensus rules, but ===New rules=== Seven extra rules are introduced, to combat exactly the seven first sources of malleability listed above: -# '''Canonically encoded ECDSA signatures''' An ECDSA signature passed to OP_CHECKSIG, OP_CHECKSIGVERIFY, OP_CHECKMULTISIG or OP_CHECKMULTISIGVERIFY must be encoded using strict DER encoding. Doing a verification with a non-DER signature makes the entire script evaluate to False (not just the signature verification). See reference: [[#der-encoding|DER encoding]]. +# '''Canonically encoded ECDSA signatures''' An ECDSA signature passed to OP_CHECKSIG, OP_CHECKSIGVERIFY, OP_CHECKMULTISIG or OP_CHECKMULTISIGVERIFY must be encoded using strict DER encoding. To provide a compact way to delibrately create an invalid signature for with OP_CHECKSIG and OP_CHECKMULTISIG the empty byte array (the result of OP_0) is also allowed. Doing a verification with a non-DER signature makes the entire script evaluate to False (not just the signature verification). See reference: [[#der-encoding|DER encoding]]. # '''Non-push operations in scriptSig''' Only data pushes are allowed in scriptSig. Evaluating any other operation makes the script evaluate to false. See reference: [[#push-operators|Push operators]]. # '''Push operations in scriptSig of non-standard size type''' The smallest possible push operation must be used when possible. Pushing data using an operation that could be encoded in a shorter way makes the script evaluate to false. See reference: [[#push-operators|Push operators]]. # '''Zero-padded number pushes''' Any time a script opcode consumes a stack value that is interpreted as a number, it must be encoded in its shortest possible form. 'Negative zero' is not allowed. See reference: [[#numbers|Numbers]]. |