Unified partial signature format #10674

Open
sipa opened this Issue Jun 27, 2017 · 4 comments

Comments

Projects
None yet
4 participants
Owner

sipa commented Jun 27, 2017

The current createrawtransaction + fundrawtransaction + signrawtransaction workflow is complicated by the fact that there is some information that needs to be passed out of band:

  • Signing requires access to the outputs being spent to know the scriptPubKey (and amount in BIP143).
  • For P2SH inputs, the signer must know the redeemscript
  • For P2WSH inputs, the signer must know the witness program

These are currently handled transparently by the fact that signrawtransaction has access to the wallet transactions, scripts, and node UTXO set. However, third party signers do not necessarily have access to this information.

Given that it is known in advance what signers will need when the unsigned transaction is constructed, I wonder if the easiest approach isn't creating a more generic partial transaction format that can store multiple extra records for each input (which don't go into the final transaction):

  • For non-witness transactions, the full previous transaction being spent from (so the fee can be computed trustlessly) should be included.
  • For witness transactions, the UTXO being spent.
  • The redeemscript and witness scripts for P2SH/P2WSH respectively.
  • Partial signatures for OP_CHECKMULTISIG (instead of hacking those inside the scriptSig before it's complete)

This would also simplify extending to more complicated script types in the future.

Contributor

dcousens commented Jun 27, 2017 edited

Wouldn't this be a BIP?
(on the basis that https://github.com/bitcoin/bitcoin has set the standard so far for partial signatures)

Owner

sipa commented Jun 27, 2017

@dcousens Once completed, I'd say yes. But here I'm just asking for some brainstorming about the approach.

Contributor

achow101 commented Jun 27, 2017

Why would the full previous transaction being spent from required for non-witness transactions? Isn't just the UTXO enough?

Owner

sipa commented Jun 27, 2017 edited

@achow101 The transaction creator could lie about the UTXO amount, resulting in you signing over a huge amount of money into fees. You need the full transaction to know that the fee is what is claimed. This is the reason why hardware wallets require seeing the full transactions being spent from.

In BIP143 that is no longer necessary, as the full UTXO being spent is included in the sighash. If you lie about UTXO amount, the signature won't be valid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment