Bitcoin Stack Exchange
Bitcoin Stack Exchange

Questions tagged [sighash]

31 questions
10
votes
2 answers

How are SIGHASH flags encoded into a signature?

This page describes SIGHASH flags: OP_CHECKSIG extracts a non-stack argument from each signature it evaluates, allowing the signer to decide which parts of the transaction to sign. Since the signature protects those parts of the transaction from…
Nick ODell
  • 29,184
  • 11
  • 69
  • 129
7
votes
1 answer

Do we still need SIGHASH_NOINPUT for Lightning Network?

In the original Lightning whitepaper, Joseph Poon advocates using SIGHASH_NOINPUT so that we can create the first commitment transaction which references the funding transaction txid without actually signing the funding transaction. However that…
Ugam Kamat
  • 7,263
  • 2
  • 13
  • 38
6
votes
1 answer

Can't verify Taproot signatures that use SIGHASH_ANYONECANPAY

I wrote a program that verifies signatures for Taproot transactions using the secp256k1 library. My program works perfectly for SIGHASH_ALL, SIGHASH_NONE and SIGHASH_SINGLE. But in February, we saw the beginning of a huge wave of Taproot…
Zephyrus
  • 536
  • 2
  • 10
5
votes
1 answer

BIP118 (SIGHASH_NOINPUT) vs. ANYPREVOUT

I understand the motivation for SIGHASH_NOINPUT - it would help with offchain payment channels. It was proposed already in the Lightning paper but Eltoo will effectively work just with something like that. But what exactly is the ANYPREVOUT BIP…
fiction
  • 518
  • 2
  • 12
4
votes
1 answer

ScriptSig - what am I signing exactly?

So the scriptsig field in the transaction, is created with the signature and public key. In order to create the signature, we need the R and S values of a ECDSA signature. I figured how to sign a string with Secp256k1, but I haven't figured out…
user2298995
  • 193
  • 3
  • 14
4
votes
1 answer

Taproot Script Path - Multisig Invalid Schnorr Signature

I am trying to implement a script-path spend on taproot, where the 1 script is a 1 of 2 multisig (yes I know this isn't the most efficient way of achieving this outcome). I can get the key-path to work correctly, and I have calculated all of the…
Peter
  • 115
  • 5
3
votes
1 answer

"mandatory-script-verify-flag-failed (signature must be zero for failed check(multi)sig operation)"

I forked the openwallet-android so that I could add my coin - (placeholders) placeh.io. The openwallet-android connects to electrumx server. I am able to get my chain to load correctly in electrumx server. The openwallet correctly reads the balance…
xagau
  • 51
  • 4
3
votes
2 answers

Why is the signature hash different for each input in a multi-input transaction?

In pre-BIP143 signature hashes, I know that the signature hash differs because you have to substitute the previous scriptPubKey for each input and thus the serialization changes. The question is why? If the HASH_TYPE is SIGHASH_ALL, why does the…
Jimmy Song
  • 7,709
  • 16
  • 35
3
votes
1 answer

Do new SIGHASH types need a hard fork or a soft fork?

There have been a few new sighash types proposed. SIGHASH_NORMALIZED : Use a 'normalized' TXID in the inputs when serializing for signing. This normalized transaction id is calculated by removing the scriptSigs of the transaction that you are…
morsecoder
  • 14,008
  • 2
  • 42
  • 92
3
votes
1 answer

How is Transaction malleability affected by SIGHASH flags?

SIGHASH flags allow for the flexible alteration of a transaction. Given that there are legitimate usages of SIGHASH, and changing a Tx (and presumably the TxID as well), what is the correct way of using Sighash w.r.t. a TxID and tracking its…
makerofthings7
  • 12,656
  • 11
  • 60
  • 129
3
votes
2 answers

Code for computing SigHash for various input types

I am looking for code examples (in rust-bitcoin, but even in Python) of how to calculate sighash for various input types. Specifically, I need to calculate the sighashes for M of N multisig unlocking script inputs for these transaction types: P2MS,…
Alec Matusis
  • 143
  • 4
3
votes
1 answer

How do you commit to the previous output's amount when signing a segwit input with rust-bitcoin?

I'm trying to sign a segwit transaction in rust-bitcoin. To start with, my transaction setup looks as follows: let previous_output = OutPoint::new(Txid::from_hex("991ab2b13f6bc6c13002d79d5e9775626a5e7328e14cd16837d50d1cc637dc6a").unwrap(), 0); let…
arik
  • 218
  • 1
  • 9
2
votes
1 answer

Where to find the sighash type?

Where can I find the sighash type specified in a script? Is it included in the scriptsig?
Quin Noaj
  • 41
  • 4
2
votes
2 answers

How do you calculate a taproot sighash?

I'm having trouble manually recreating the taproot sighash from the example below. I used btcdeb to pass in an input transaction (with a P2TR output), and a valid tx that spends from it. In the logs it shows the components of the sighash message,…
Darius
  • 779
  • 4
  • 16
2
votes
1 answer

Segwit includes the input amount in the SignatureHash. What possible attack can this prevent?

Legacy transactions only include transaction components in the SignatureHash, but segwit transactions also add the amounts of inputs in the SignatureHash. Quoting from the Mastering Bitcoin Book: Segregated Witness signatures incorporate the value…
The Quantum Physicist
  • 224
  • 1
  • 10
1
2 3