📅 Original date posted:2019-10-05 📝 Original message:On Fri, Oct 04, 2019 at ...

Peter Todd [ARCHIVE] /

npub1m23…2np2

2023-06-07 18:20:57

in reply to nevent1q…xjtz

📅 Original date posted:2019-10-05
📝 Original message:On Fri, Oct 04, 2019 at 11:40:53AM -0700, Jeremy wrote:
> Interesting point.
>
> The script is under your control, so you should be able to ensure that you
> are always using a correctly constructed midstate, e.g., something like:
>
> scriptPubKey: <-1> OP_SHA256STREAM DEPTH OP_SHA256STREAM <-2>
> OP_SHA256STREAM
> <hash> OP_EQUALVERIFY
>
> would hash all the elements on the stack and compare to a known hash.
> How is that sort of thing weak to midstateattacks?

Obviously with care you can get the computation right. But at that point what's
the actual advantage over OP_CAT?

We're limited by the size of the script anyway; if the OP_CAT output size limit
is comparable to that for almost anything you could use SHA256STREAM on you
could just as easily use OP_CAT, followed by a single OP_SHA256.

--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20191005/213e4e81/attachment.sig>;

Author Public Key

npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2

Seen on

wss://relay.noswhere.com

Show more details

Published at

2023-06-07 18:20:57

Kind type

1 Short Text Note

Event JSON

{ "id": "679954516d5233f50621366090b93469c3247a309dc00da1841d69f8a6017ed6", "pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa", "created_at": 1686162057, "kind": 1, "tags": [ [ "e", "f5d60e0633c44726e87082df690527208a1c985e5db057ee7f891f220507de3a", "", "root" ], [ "e", "77aa4015d4b221adbe44ab8e1e6385a84081191ffdff121226dba15de975c114", "", "reply" ], [ "p", "01f53a3166b3b23139201763777e070fcfed5555ad7555f7e90114c0c9e0e8b4" ] ], "content": "📅 Original date posted:2019-10-05\n📝 Original message:On Fri, Oct 04, 2019 at 11:40:53AM -0700, Jeremy wrote:\n\u003e Interesting point.\n\u003e \n\u003e The script is under your control, so you should be able to ensure that you\n\u003e are always using a correctly constructed midstate, e.g., something like:\n\u003e \n\u003e scriptPubKey: \u003c-1\u003e OP_SHA256STREAM DEPTH OP_SHA256STREAM \u003c-2\u003e\n\u003e OP_SHA256STREAM\n\u003e \u003chash\u003e OP_EQUALVERIFY\n\u003e \n\u003e would hash all the elements on the stack and compare to a known hash.\n\u003e How is that sort of thing weak to midstateattacks?\n\nObviously with care you can get the computation right. But at that point what's\nthe actual advantage over OP_CAT?\n\nWe're limited by the size of the script anyway; if the OP_CAT output size limit\nis comparable to that for almost anything you could use SHA256STREAM on you\ncould just as easily use OP_CAT, followed by a single OP_SHA256.\n\n-- \nhttps://petertodd.org 'peter'[:-1]@petertodd.org\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 833 bytes\nDesc: not available\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20191005/213e4e81/attachment.sig\u003e", "sig": "69588a0bfdedf134bd99d47343a9e9a508a90d441c7d8dbbc6de435dee8c48edf66344d4ae4d594bf59419500b10f404466db2b991b0a6ba66d5427c697e5583" }