taproot-sighash.mediawiki: remove input nNonce field

ElementsProject · Jun 8, 2021 · 2b55b42 · 2b55b42
1 parent 169af2d
commit 2b55b42
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/doc/taproot-sighash.mediawiki b/doc/taproot-sighash.mediawiki
@@ -15,7 +15,7 @@ The parameter ''hash_type'' is an 8-bit unsigned value. The <code>SIGHASH</code>
 
 '''''NEW''''' If the input under consideration is a pegin input, the fields ''nAsset'', ''nValue'' and ''scriptPubKey'', where they appear, are taken from the pegin witness data. The asset used is the asset ID on the sidechain, not that on the parent chain (if any).
 '''''NEW''''' The epoch field prepended before signature hash is completely dropped. If there are new updates to the taproot signature hashes in elements, they will use new tagged hashes instead of incrementing epochs
-'''''NEW''''' The fields ''nNonce'', ''nAsset'' and ''nValue'' are serialized in a fixed-length format, which consists of their ordinary 1/9/33 byte encoding followed by sufficiently many 0 to pad the length out to 33. When we refer to ''extended <code>CTxOut</code> format'' below, we mean the fields ''nAsset'', ''nValue'', ''nNonce'' serialized in that order in fixed-length format, followed by the ordinary length-prefixed ''scriptPubKey''.
+'''''NEW''''' The fields ''nAsset'' and ''nValue'' are serialized in a fixed-length format, which consists of their ordinary 1/9/33 byte encoding followed by sufficiently many 0 to pad the length out to 33. When we refer to ''sighash <code>CTxOut</code> format'' below, we mean the fields ''nAsset'' and ''nValue'' serialized in that order in fixed-length format, followed by the ordinary length-prefixed ''scriptPubKey''. Notice that the ''nNonce'' field **is not serialized in the sighash**.
 
 The parameter ''ext_flag'' is an integer in range 0-127, and is used for indicating (in the message) that extensions are added at the end of the message<ref>'''What extensions use the ''ext_flag'' mechanism?''' [https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki BIP-0342] reuses the same common signature message algorithm, but adds BIP-0342-specific data at the end, which is indicated using ''ext_flag = 1''.</ref>.
 
@@ -39,7 +39,7 @@ If the parameters take acceptable values, the message is the concatenation of th
 *** ''sha_sequences'' (32): the SHA256 of the serialization of all input ''nSequence''.
 *** '''''NEW''''' ''sha_issuances'' (32): the SHA256 of the serialization of the concatenation of all input ''assetIssuance'' or 130 '0x00' bytes for inputs with no issuance
 ** If ''hash_type & 3'' does not equal <code>SIGHASH_NONE</code> or <code>SIGHASH_SINGLE</code>:
-*** ''sha_outputs'' (32): the SHA256 of the serialization of all outputs in extended <code>CTxOut</code> format.
+*** ''sha_outputs'' (32): the SHA256 of the serialization of all outputs in sighash <code>CTxOut</code> format.
 *** '''''NEW''''' ''sha_output_witnesses'' (32): the SHA256 of the serialization of all output witnesses (rangeproof and surjection proof) in <code>CTxOutWitness</code> format.
 * Data about this input:
 ** ''spend_type'' (1): equal to ''(ext_flag * 2) + annex_present'', where ''annex_present'' is 0 if no annex is present, or 1 otherwise (the original witness stack has two or more witness elements, and the first byte of the last element is ''0x50'')
@@ -48,7 +48,6 @@ If the parameters take acceptable values, the message is the concatenation of th
 *** ''outpoint'' (36): the <code>COutPoint</code> of this input (32-byte hash + 4-byte little-endian) where the output index includes the outpoint flags.
 *** '''''NEW''''' ''nAsset'' (33): (possibly confidential) assetID of the previous output spent by this input, in fixed-length format
 *** '''''NEW''''' ''nValue'' (33): (possibly confidential) amount of the previous output spent by this input, in fixed-length format
-*** '''''NEW''''' ''nNonce'' (33): (possibly confidential) nonce of the previous output spent by this input, in fixed-length format
 *** ''scriptPubKey'' (35): ''scriptPubKey'' of the previous output spent by this input, serialized as script inside <code>CTxOut</code>. Its size is always 35 bytes.
 *** ''nSequence'' (4): ''nSequence'' of this input.
 *** '''''NEW''''' ''asset_issuance'' (130): if ''outpoint_flag & 0x80 == 0x80'': asset issuance(fields for ''nInflationKeys'' and ''nAmount'' are serialized in fixed-length format) data of this input; otherwise 130 zero bytes
@@ -58,7 +57,7 @@ If the parameters take acceptable values, the message is the concatenation of th
 *** ''sha_annex'' (32): the SHA256 of ''(compact_size(size of annex) || annex)'', where ''annex'' includes the mandatory ''0x50'' prefix.
 * Data about this output:
 ** If ''hash_type & 3'' equals <code>SIGHASH_SINGLE</code>:
-*** ''sha_single_output'' (32): the SHA256 of the corresponding output in extended <code>CTxOut</code> format.
+*** ''sha_single_output'' (32): the SHA256 of the corresponding output in sighash <code>CTxOut</code> format.
 *** '''''NEW''''' ''sha_single_output_witness'' (32): the SHA256 of the serialization of the corresponding output witnesses (rangeproof and surjection proof) in <code>CTxOutWitness</code> format.
 
 The total length of ''SigMsg()'' is ''443'' bytes for <code>ANYONECANPAY</code> sighashes, ''366'' bytes for non-<code>ANYONECANPAY</code> sighashes, and both numbers are reduced by 64 bytes for <code>SIGHASH_NONE</code> sighashes. Note that this does not include the size of sub-hashes such as ''sha_prevouts'', which may be cached across signatures of the same transaction.