8000 BIP118 signatures should commit to full path to tapleaf · Issue #19 · bitcoin-inquisition/bitcoin · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
BIP118 signatures should commit to full path to tapleaf #19
New issue
New issue
Open
Open
BIP118 signatures should commit to full path to tapleaf#19
Labels
bip118
@ajtowns

Description

@ajtowns
ajtowns
opened on Feb 12, 2023

Standard BIP342 tapscript signatures suffer from a malleability issue: if a taproot address contains two identical script paths, eg:

  TapBranch(
     TapLeaf(A),
     TapBranch(
         TapLeaf(B),
         TapBranch( TapLeaf(C), TapLeaf(A) )
     )
  )

Then you can replace the single-entry path (B,CA) with the three-entry path (A), (B), (C) without invalidating any signatures, and decreasing the fee rate of the transaction due to the fee staying the same while the witness data increases.

To remedy this, BIP118 should be changed to commit to the full merkle path being used to reach the leaf unless ANYPREVOUTANYSCRIPT is specified (in which case the tapleaf is not committed to either).

Metadata

Metadata

Assignees

No one assigned

    Labels

    bip118

    Type

    No type

    Projects

    Inquisition 24.0 Queue

    Status

    Call for Interest

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0