Bitcoin Forum

I didn't quite understand how SIGHASH_ALL and SIGHASH_NONE deal with other inputs. Do these hashtypes sign all other inputs as well? Or does SIGHASH_ALL sign all inputs and SIGHASH_NONE doesn't?

Balloon

Yes, except for the SIGHASH_ANYONECANPAY flag (which causes only one input to be signed), the sighash type does not affect which inputs are signed. In all cases, the current script is replaced by the scriptPubKey of the output it's spending, and the remaining scripts are blanked out.

An extra oddity is that in the SIGHASH_NONE and SIGHASH_SINGLE cases, the other inputs also have their sequence number blanked out.

Thank you for your answer! I'm still a little confused about the sequence number being blanked out. What does that mean? Does that mean the order of the inputs doesn't matter anymore?

Balloon

No, the sequence number is a hint to miners; usually it is set to 255 (its maximum value). If not, you can sign a transaction where the signed input has sequence number 0, tweak it and increment to sequence number 1, tweak it again with sequence number 2, and so on. Each tweak requires a new signature, so the sequence number tells miners which of the conflicting transactions is the "real" one.

How useful this is, I don't know. You can't enforce miners respecting the sequence number, so any protocol depending on it can be trivially broken by colluding with miners. Maybe somebody will step in with a usecase, but I suspect this feature was not well-thought-out when it was introduced.

The ordering of inputs within a transaction is always fixed; if you reorder the inputs, then any non-SIGHASH_ANYONECANPAY inputs will need to be resigned.