SIGHASH_WITHINPUTVALUE: Super-lightweight HW wallets and offline data

[oakpacific]

If someone wants to contribute, please state the time/cost required for such a task right here, I believe many people(at least me) will make an assessment.

I am working on this with Peter Todd's help - you can follow my progress here: https://github.com/ciyam/litecoin/tree/OP_CHECKSIGVERIFY2

So far I have only coded the version 3 block change as I am still undergoing quite a bit of a learning curve this might take some time but I am keen to see this through so assuming Peter doesn't lose patience with me we'll get there.

Thank you, noobish question: the code can be easily migrated to Bitcoin, right?

[CIYAM]

Thank you, noobish question: the code can be easily migrated to Bitcoin, right?

Yes - it shouldn't be very hard to re-implement the same for Bitcoin down the track (the code might not be identical but will be fairly close to it).

[justusranvier]

So a year after this thread was started efficient offline signing is still not possible, and there is no clear path for getting features like new hash types into the protocol, even though everything is versioned and upgrades have happened in the past.

[jl2012]

So a year after this thread was started efficient offline signing is still not possible, and there is no clear path for getting features like new hash types into the protocol, even though everything is versioned and upgrades have happened in the past.

It is trivial to implement this on a new alt-coin. For bitcoin, however, this requires a CHECKSIG 2.0 or even Script 2.0. I doubt we would ever see it

[justusranvier]

It is trivial to implement this on a new alt-coin. For bitcoin, however, this requires a CHECKSIG 2.0 or even Script 2.0. I doubt we would ever see it

Certainly altcoin pumpers have an incentive to spread the meme that it's impossible to upgrade Bitcoin, but that doesn't make it true.

[jl2012]

It is trivial to implement this on a new alt-coin. For bitcoin, however, this requires a CHECKSIG 2.0 or even Script 2.0. I doubt we would ever see it

Certainly altcoin pumpers have an incentive to spread the meme that it's impossible to upgrade Bitcoin, but that doesn't make it true.

Very good. I always want to have a Script 2.0 which support not only SIGHASH_WITHINPUTVALUE, but also more public key and hash algorithms, merklised syntax tree, OP_EVAL, OP_CAT, OP_SUBSTR, and more. All could be done with a soft-fork. Please code it and persuade 90% of miners to adopt it.

By the way, I own no altcoin

[TierNolan]

So the technical solution is simple:  Add a new SIGHASH type, which I dub SIGHASH_WITHINPUTVALUE.  This would have hashcode 0x10.  This would be OR'd with the existing hash types.  i.e. Currently all "regular" transactions are signed with (SIGHASH_ALL), now anyone who wants the benefit would sign with (SIGHASH_ALL | SIGHASH_WITHINPUTVALUE).  It is compatible with the existing hash types.

Sorry for necroing.

Would this actually be backward compatible?  An old client would just apply the SIGHASH_ALL procedure and then attempt to check the signature.  This would give the wrong answer since it would hash without the value.  You would have to have OP_CHECKSIG consume two signatures or something.