Russell O'Connor [ARCHIVE] on Nostr: 📅 Original date posted:2018-06-01 📝 Original message:On Thu, May 31, 2018 at ...
📅 Original date posted:2018-06-01
📝 Original message:On Thu, May 31, 2018 at 2:35 PM, Johnson Lau via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> Double SHA256 of the serialization of:
>
Should we replace the Double SHA256 with a Single SHA256? There is no
possible length extension attack here. Or are we speculating that there is
a robustness of Double SHA256 in the presence of SHA256 breaking?
I suggest putting `sigversion` at the beginning instead of the end of the
format. Because its value is constant, the beginning of the SHA-256
computation could be pre-computed in advance. Furthermore, if we make the
`sigversion` exactly 64-bytes long then the entire first block of the
SHA-256 compression function could be pre-computed.
Can we add CHECKSIGFROMSTACK or do you think that would go into a separate
BIP?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180601/6880054c/attachment.html>
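The midstate precomputation argued for above, as an added example that is not part of the original post or of any BIP draft: a minimal SHA-256 with its compression function exposed, a constructed 64-byte `sigversion` stand-in (a placeholder, not a real value), and a cross-check that resuming from the stored chaining value after that first block yields the same digest as hashing the whole serialization. The helper names (`sha256_compress`, `sha256_from_midstate`, `sighash_single`, `matches_hashlib`) are this example's own.

```python
import hashlib, struct
M = 0xffffffff

def _primes(n):
    ps, c = [], 2
    while len(ps) < n:
        if all(c % q for q in ps):
            ps.append(c)
        c += 1
    return ps

def _frac_root_bits(p, root):  # floor(frac(p**(1/root)) * 2**32), in exact integer arithmetic
    n = p << (32 * root)               # root-th root of n == p**(1/root) * 2**32
    r = int(round(n ** (1.0 / root)))  # float estimate, corrected exactly below
    while r ** root > n: r -= 1
    while (r + 1) ** root <= n: r += 1
    return r & M

K = [_frac_root_bits(p, 3) for p in _primes(64)]   # round constants (cube roots of primes)
H0 = [_frac_root_bits(p, 2) for p in _primes(8)]   # initial chaining value (square roots)
def _rotr(x, n): return ((x >> n) | (x << (32 - n))) & M

def sha256_compress(state, block):  # 8-word chaining value + 64-byte block -> new chaining value
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = _rotr(w[i-15], 7) ^ _rotr(w[i-15], 18) ^ (w[i-15] >> 3)
        s1 = _rotr(w[i-2], 17) ^ _rotr(w[i-2], 19) ^ (w[i-2] >> 10)
        w.append((w[i-16] + s0 + w[i-7] + s1) & M)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M
        a, b, c, d, e, f, g, h = (t1 + t2) & M, a, b, c, (d + t1) & M, e, f, g
    return [(x + y) & M for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def sha256_from_midstate(state, prefix_len, rest):
    """Finish SHA-256 from the chaining value reached after prefix_len (a multiple of 64) bytes."""
    total = prefix_len + len(rest)
    data = rest + b"\x80" + b"\x00" * ((55 - total) % 64) + struct.pack(">Q", total * 8)
    for off in range(0, len(data), 64):
        state = sha256_compress(state, data[off:off + 64])
    return b"".join(struct.pack(">L", x) for x in state)

# Constructed stand-in for a constant 64-byte `sigversion` field (not a real BIP value).
SIGVERSION = b"sigversion-placeholder".ljust(64, b"\x00")
MIDSTATE = sha256_compress(H0, SIGVERSION)  # the entire first block, computed once for all sighashes
def sighash_single(rest):  # single SHA-256(SIGVERSION || rest), resuming from the midstate
    return sha256_from_midstate(MIDSTATE, 64, rest)
def matches_hashlib(rest):  # cross-check against hashlib over the full serialization
    return sighash_single(rest) == hashlib.sha256(SIGVERSION + rest).digest()
```

Because `SIGVERSION` fills exactly one 64-byte block, `MIDSTATE` is the only per-prefix work; each signature hash then costs one compression call per 64 bytes of the remaining serialization plus padding, which is the saving the post describes.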