Russell O'Connor [ARCHIVE] on Nostr: 📅 Original date posted:2023-02-07 🗒️ Summary of this message: A bug in ...
📅 Original date posted:2023-02-07
🗒️ Summary of this message: A bug in Taproot allows the same Tapleaf to be repeated multiple times, incurring different Tapfee rates. Always know the entire Taptree when interacting with someone's Tapspend.
📝 Original message:There is a bug in Taproot that allows the same Tapleaf to be repeated
multiple times in the same Taproot, potentially at different Taplevels
incurring different Tapfee rates.
The countermeasure is that you should always know the entire Taptree when
interacting with someone's Tapspend.
On Tue, Feb 7, 2023 at 1:10 PM Andrew Poelstra via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> Some people highlighted some minor problems with my last email:
>
> On Tue, Feb 07, 2023 at 01:46:22PM +0000, Andrew Poelstra via bitcoin-dev
> wrote:
> >
> > <snip>
> >
> > [1] https://bitcoin.sipa.be/miniscript/
> > [2] In Taproot, if you want to prevent signatures migrating to another
> > branch or within a branch, you can use the CODESEPARATOR opcode
> > which was redisegned in Taproot for exactly this purpose... we
> > really did about witness malleation in its design!
>
> In Taproot the tapleaf hash is always covered by the signature (though
> not in some ANYONECANPAY proposals) so you can never migrate signatures
> between tapbranches.
>
> I had thought this was the case, but then I re-confused myself by
> reading BIP 341 .... which has much of the sighash specified, but not
> all of it! The tapleaf hash is added in BIP 342.
>
> >
> > If you want to prevent signatures from moving around *within* a
> > branch,
> >
>
> And this sentence I just meant to delete :)
>
>
> --
> Andrew Poelstra
> Director of Research, Blockstream
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> The sun is always shining in space
> -Justin Lewis-Webster
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230207/57930553/attachment.html>
🗒️ Summary of this message: A bug in Taproot allows the same Tapleaf to be repeated multiple times, incurring different Tapfee rates. Always know the entire Taptree when interacting with someone's Tapspend.
📝 Original message:There is a bug in Taproot that allows the same Tapleaf to be repeated
multiple times in the same Taproot, potentially at different Taplevels
incurring different Tapfee rates.
The countermeasure is that you should always know the entire Taptree when
interacting with someone's Tapspend.
On Tue, Feb 7, 2023 at 1:10 PM Andrew Poelstra via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> Some people highlighted some minor problems with my last email:
>
> On Tue, Feb 07, 2023 at 01:46:22PM +0000, Andrew Poelstra via bitcoin-dev
> wrote:
> >
> > <snip>
> >
> > [1] https://bitcoin.sipa.be/miniscript/
> > [2] In Taproot, if you want to prevent signatures migrating to another
> > branch or within a branch, you can use the CODESEPARATOR opcode
> > which was redisegned in Taproot for exactly this purpose... we
> > really did about witness malleation in its design!
>
> In Taproot the tapleaf hash is always covered by the signature (though
> not in some ANYONECANPAY proposals) so you can never migrate signatures
> between tapbranches.
>
> I had thought this was the case, but then I re-confused myself by
> reading BIP 341 .... which has much of the sighash specified, but not
> all of it! The tapleaf hash is added in BIP 342.
>
> >
> > If you want to prevent signatures from moving around *within* a
> > branch,
> >
>
> And this sentence I just meant to delete :)
>
>
> --
> Andrew Poelstra
> Director of Research, Blockstream
> Email: apoelstra at wpsoftware.net
> Web: https://www.wpsoftware.net/andrew
>
> The sun is always shining in space
> -Justin Lewis-Webster
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230207/57930553/attachment.html>