Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2015-01-21 📝 Original message:On Wed, Jan 21, 2015 at ...
📅 Original date posted:2015-01-21
📝 Original message:On Wed, Jan 21, 2015 at 2:29 PM, Douglas Roark <doug at bitcoinarmory.com> wrote:
> Nice paper, Pieter. I do have a bit of feedback.
Thanks for the comments. I hope I have clarified the text a bit accordingly.
> 1)The first sentence of "Deployment" has a typo. "We reuse the
> double-threshold switchover mechanism from BIP 34, with the same
> *thresholds*, [....]"
Fixed.
> 2)I think the handling of the sighash byte in the comments of
> IsDERSignature() could use a little tweaking. If you look at
> CheckSignatureEncoding() in the actual code (src/script/interpreter.cpp
> in master), it's clear that the sighash byte is included as part of the
> signature struct, even though it's not part of the actual DER encoding
> being checked by IsDERSignature(). This is fine. I just think that the
> code comments in the paper ought to make this point clearer, either in
> the sighash description, or as a comment when checking the sig size
> (i.e., size-3 is valid because sighash is included), or both.
I've renamed the function to IsValidSignatureEncoding, as it is not
strictly about DER (it adds a Bitcoin-specific byte, and supports and
empty string too).
> 3)The paper says a sig with size=0 is correctly coded but is neither
> valid nor DER. Perhaps this code should be elsewhere in the Bitcoin
> code? It seems to me that letting a sig pass in IsDERSignature() when
> it's not actually DER-encoded is incorrect.
I've expanded the comments about it a bit.
--
Pieter
📝 Original message:On Wed, Jan 21, 2015 at 2:29 PM, Douglas Roark <doug at bitcoinarmory.com> wrote:
> Nice paper, Pieter. I do have a bit of feedback.
Thanks for the comments. I hope I have clarified the text a bit accordingly.
> 1)The first sentence of "Deployment" has a typo. "We reuse the
> double-threshold switchover mechanism from BIP 34, with the same
> *thresholds*, [....]"
Fixed.
> 2)I think the handling of the sighash byte in the comments of
> IsDERSignature() could use a little tweaking. If you look at
> CheckSignatureEncoding() in the actual code (src/script/interpreter.cpp
> in master), it's clear that the sighash byte is included as part of the
> signature struct, even though it's not part of the actual DER encoding
> being checked by IsDERSignature(). This is fine. I just think that the
> code comments in the paper ought to make this point clearer, either in
> the sighash description, or as a comment when checking the sig size
> (i.e., size-3 is valid because sighash is included), or both.
I've renamed the function to IsValidSignatureEncoding, as it is not
strictly about DER (it adds a Bitcoin-specific byte, and supports and
empty string too).
> 3)The paper says a sig with size=0 is correctly coded but is neither
> valid nor DER. Perhaps this code should be elsewhere in the Bitcoin
> code? It seems to me that letting a sig pass in IsDERSignature() when
> it's not actually DER-encoded is incorrect.
I've expanded the comments about it a bit.
--
Pieter