diff options
author | Orfeas Stefanos Thyfronitis Litos <o.thyfronitis@ed.ac.uk> | 2019-11-26 15:30:12 +0000 |
---|---|---|
committer | Pieter Wuille <pieter.wuille@gmail.com> | 2020-01-19 14:47:33 -0800 |
commit | ca472ed663d32039448560b36ecf1e6467ba4347 (patch) | |
tree | 277d586c7056fdf75beebad16ba8e6c99658ea0b /bip-taproot.mediawiki | |
parent | 5918b4666c4c4fbf54a2ef8550877f02328a2afc (diff) | |
download | bips-ca472ed663d32039448560b36ecf1e6467ba4347.tar.xz |
Mention that miners could malleate signatures
Diffstat (limited to 'bip-taproot.mediawiki')
-rw-r--r-- | bip-taproot.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-taproot.mediawiki b/bip-taproot.mediawiki index dc59c51..ba8d048 100644 --- a/bip-taproot.mediawiki +++ b/bip-taproot.mediawiki @@ -93,7 +93,7 @@ The following rules apply: * If the signature is not 64<ref>'''Why permit two signature lengths?''' By making the most common type of <code>hash_type</code> implicit, a byte can often be saved.</ref> or 65 bytes, fail. * If the signature size is 65 bytes: ** If the final byte is not a valid <code>hash_type</code> (defined hereinafter), fail. -** If the final byte is <code>0x00</code>, fail<ref>'''Why can the <code>hash_type</code> not be <code>0x00</code> in 65-byte signatures?''' Permitting that would enable malleating 64-byte signatures into 65-byte ones, resulting in a different `wtxid` and a different fee rate than the creator intended</ref>. +** If the final byte is <code>0x00</code>, fail<ref>'''Why can the <code>hash_type</code> not be <code>0x00</code> in 65-byte signatures?''' Permitting that would enable malleating (by third parties, including miners) 64-byte signatures into 65-byte ones, resulting in a different `wtxid` and a different fee rate than the creator intended</ref>. ** If the first 64 bytes are not a valid signature according to bip-schnorr for the public key and message set to the transaction digest with <code>hash_type</code> set as the final byte, fail. * If the signature size is 64 bytes: ** If it is not a valid signature according to bip-schnorr for the public key and the <code>hash_type = 0x00</code> transaction digest as message, fail. |