Johnson Lau <jl2...@xbt.hk> writes:
> I don’t think this has been mentioned: without signing the script or masked 
> script, OP_CODESEPARATOR becomes unusable or insecure with NOINPUT.
>
> In the new sighash proposal, we will sign the hash of the full script (or 
> masked script), without any truncation. To make OP_CODESEPARATOR work like
> before, we will commit to the position of the last executed OP_CODESEPARATOR. 
> If NOINPUT doesn’t commit to the masked script, it will just blindly
> commit to a random OP_CODESEPARATOR position, which a wallet couldn’t
> know what codes are actually being executed.

My anti-complexity argument leads me to ask why we'd support
OP_CODESEPARATOR at all?  Though my argument is weaker here: no wallet
need support it.

But I don't see how OP_CODESEPARATOR changes anything here, wrt NOINPUT?
Remember, anyone can create an output which can be spent by any NOINPUT,
whether we go for OP_MASK or simply not committing to the input script.

Confused,
Rusty.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
