To be clear: I indeed meant to only allow 0 and 1 as booleans (or, more precisely: [] and [0x01]). Evaluating any stack element as a boolean that is not any of these would result in script failure.
The only places where this is relevant: * Inputs to OP_IF and OP_NOTIF (which are currently allowed to be any byte array). * Inputs to OP_BOOLAND and OP_BOOLOR (which are currently allowed to be any valid number). * The resulting final element on the stack for validity. The code for converting stack elements to booleans is also invoked for all OP_*VERIFY operators, but for those it is always the output of a previous operator, so it will not have any semantic impact. On Tue, Oct 14, 2014 at 1:09 AM, Peter Todd <p...@petertodd.org> wrote: > I noticed this awhile back myself. More interestingly, I remember > noticing some non-std scripts on mainnet that had opcodes that appeared > to be attempts to solve this issue with variations of the following: > > DUP > IF > 1 EQUALVERIFY > <do stuff> > ELSE > 0 EQUALVERIFY > <do stuff> > ENDIFo. > > I'll have to admit, I decided to keep quiet about it because it's a good > example of how relying on BIP62 for specialty contract applications that > absolutely need to avoid malleability for security reasons is a dubious > idea; it's hard to be sure that we've really gotten every relevant case > correct. I think my goal is to have the property that for every possible script, there is an equivalent one that is non-malleable. There are likely still holes in that idea, but at least for just standard scripts I think BIP62 (as is) covers this. And as your example points out (Greg and I discussed this, though we didn't come up with such a concise one), it is already possible for boolean inputs too. > I think a decent argument *for* doing this is that if a script author > fails to properly 'bool-ize' every boolean-using path that can have > non-minimal encodings in normal execution, you can always create a > nVersion=1 transaction manually to spend the output, preventing funds > from getting lost. Meanwhile in the general case of a compenent script > author having the canonical bool testing in every boolean-using opcode > saves a lot of bytes. The real question is whether there are use cases for not having this requirement. I can't come up with any, as that would imply a boolean that is also interpretable as a hash, a pubkey or a signature - all of which seems crpytographically impossible to ever result in false. -- Pieter ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
