1
0
mirror of https://github.com/bitcoin/bips.git synced 2025-10-20 14:07:26 +00:00

3507 Commits

Author SHA1 Message Date
Luke Dashjr
feb5395fe0
Merge pull request #867 from dgpv/patch-7
BIP-174: test data: fix value length
2019-12-13 16:06:26 +00:00
Luke Dashjr
675a14b23c
Merge pull request #865 from benthecarman/patch-1
BIP 174: Specifiy that the 32 bit ints are unsigned
2019-12-13 16:05:26 +00:00
Jonas Nick
633cca9b1c Replace private key with secret key 2019-12-13 13:25:16 +00:00
Tim Ruffing
ff2b53737c
Mention that we don't change the hash function 2019-12-13 12:11:50 +01:00
Pieter Wuille
aa18fdb07e Low-S ECDSA is non-malleable under nonstandard assumptions 2019-12-12 16:26:50 -08:00
Pieter Wuille
993a1ccdf1
Merge pull request #175 from real-or-random/patch-13
Clarify why we don't want short hashes
2019-12-12 17:34:53 -05:00
Tim Ruffing
92582c2a33
Clarify why we don't want short hashes
This is supposed to supersede https://github.com/sipa/bips/pull/158.
I tried to say this carefully. I don't think that multiparty signing is in general broken with short hashes. For example the attack in #158 could be avoided by letting everybody not only commit to the nonce but also to the message. It's just that using a collision-resistant hash just eliminates the problem entirely...
2019-12-12 22:49:21 +01:00
Pieter Wuille
b1d93cdd2c
Merge pull request #174 from hebasto/patch-1
Fix reference formatting
2019-12-11 20:25:49 -05:00
Pieter Wuille
2d68aea170
Merge pull request #161 from OrfeasLitos/max-sig-unhashed-bytes
Typo: max bytes hashed for sig is 210
2019-12-11 20:00:02 -05:00
Pieter Wuille
2a2d4231ff
Merge pull request #154 from OrfeasLitos/replace-66-with-146
Replace BIP66 link with BIP146
2019-12-11 19:59:33 -05:00
Pieter Wuille
16d34fafa1
Merge pull request #166 from stefanwouldgo/patch-3
fix singular/plural ambiguity
2019-12-11 19:59:06 -05:00
Pieter Wuille
4b4c656790
Merge pull request #162 from OrfeasLitos/signing-validation
Replace signing with signature before validation
2019-12-11 19:58:52 -05:00
Ben Carman
e097b1d38a
BIP 174: Specify that separator only appears at end of the map 2019-12-11 15:53:06 -06:00
Hennadii Stepanov
2e0c9435a8
Fix reference formatting 2019-12-11 15:33:39 +02:00
stefanwouldgo
cc6fa25c79 fix singular/plural ambiguity 2019-12-11 10:30:01 +01:00
Pieter Wuille
4b25ff7b92
Merge pull request #148 from OrfeasLitos/link-implicit-y-proof-sketch
Link to proof sketch of security of implicit Y
2019-12-10 18:58:28 -05:00
Pieter Wuille
2a738c6956
Merge pull request #165 from OrfeasLitos/wtxid-malleability
Mention hash_type malleability would change wtxid
2019-12-10 18:54:17 -05:00
Pieter Wuille
9194a7b582
Merge pull request #171 from jonasnick/footnote16
Clarify bip-taproot digest difference to bip143 regarding sub-hashes
2019-12-10 18:46:51 -05:00
Pieter Wuille
a9190ff92b
Merge pull request #172 from jonasnick/footnote9
Improve clarity of footnotes for lift_x
2019-12-10 18:45:19 -05:00
Pieter Wuille
034e97bd6e
Merge pull request #170 from jonasnick/footnote7
Fix footnote 7 and remove references to Euler's criterion
2019-12-10 17:20:22 -05:00
Pieter Wuille
017ca0c69b
Merge pull request #173 from kallerosenbaum/bip-schnorr
Nits
2019-12-10 17:11:53 -05:00
Kalle Rosenbaum
fd898f118a Fix @jonasnick's comment 2019-12-10 22:01:43 +01:00
Kalle Rosenbaum
adf4d78e6c Nits 2019-12-09 21:20:40 +01:00
Dmitry Petukhov
65f0b3dd62
BIP-174: test data: fix value length
In the test case "Case: PSBT With invalid output witnessScript typed key", after PSBT_OUT_WITNESS_SCRIPT key with garbage data (which ends with `...478ef51309d`, follows value `2b` which would denote the length of the data value of the key. But the length of actual remaining data is only 7 bytes. Thus, an implementation that reads key-value pairs and checks for validity of the key data after it has read the current key-value pair, will not be able to hit the exact condition intended for this test case: extra data within the key itself. This is because such implementation will hit serialization error when it will try to read the data of the value and will get the short read.

Reading full key-value pair and then checking key format afterwards is fairly normal thing to do, as the format of the keys with all their meaning is an abstraction of higher level than just the simple key-value serialization format.

The proposed change is to replace byte `2b` after the key data to `06` and thus make the value length in the key-value pair valid (not going beyond the end of the data).

base64 encoding has been changed accordingly.
2019-12-09 17:30:47 +05:00
Ben Carman
c7191c935e
Specify 32 bit itns as unsigned and their endianess 2019-12-09 01:44:43 -06:00
Dmitry Petukhov
267c02a4b5
BIP174: remove 'first byte is the type' comment for key data
As the key type is now defined as compact size integer, `At the beginning of each key is a compact size unsigned integer representing the type`, the comment in the first table in the document, about first byte of the key being the key type is no longer accurate.

As the structure of the key data is described further in the text after the table, and the comment that it starts with the compact size integer seems a bit long to be in that table, I think it is better to just remove the comment about the key data structure from the table, and leave the explanation to the text after the table.
2019-12-09 12:21:09 +05:00
Jonas Nick
93e1921d83 Improve clarity of footnotes for lift_x 2019-12-04 20:21:52 +00:00
Jonas Nick
2c6b472e9c Clarify bip-taproot digest difference to bip143 regarding sub-hashes 2019-11-29 16:32:44 +00:00
Pieter Wuille
4c638b3843
Merge pull request #164 from OrfeasLitos/neither-instead-of-both
Replace "both are not" with "neither is"
2019-11-29 11:03:54 -05:00
Jonas Nick
382a1d19a0 Replace references to Euler's criterion with Legendre symbol in bip-schnorr 2019-11-29 15:48:22 +00:00
Jonas Nick
3acb150829 Fix bip-schnorr footnote 7 by specifying that we're referring to P's y coordinate and not some undefined 'x' 2019-11-29 15:48:02 +00:00
Pieter Wuille
075823bdd5
Merge pull request #169 from andrewtoth/patch-1
Add missing closing parenthesis and comma
2019-11-28 23:37:51 -05:00
andrewtoth
6a72458bf9
Update bip-tapscript.mediawiki 2019-11-29 04:01:53 +00:00
andrewtoth
83e886ce07
Add missing closing parenthesis and comma 2019-11-29 03:57:00 +00:00
Orfeas Stefanos Thyfronitis Litos
2e79be9f72
Mention that miners could malleate signatures 2019-11-26 15:30:12 +00:00
Pieter Wuille
1650cacac0
Merge pull request #156 from hebasto/20191123-grammar-and-reference
Fix paragraph naming and typo
2019-11-26 07:07:20 -08:00
Pieter Wuille
3d3bd7660c
Merge pull request #160 from OrfeasLitos/clarify-choices
Rephrase "previous design choice" to "list above"
2019-11-26 06:54:21 -08:00
Pieter Wuille
9648889b4f
Merge pull request #150 from stefanwouldgo/patch-1
grammar typo fix: inserted "be"
2019-11-26 06:42:10 -08:00
Orfeas Litos
b44d5c9531
Mention hash_type malleability would change wtxid 2019-11-26 12:43:34 +00:00
Orfeas Litos
7ec4ce9a8d
Replace "both are not" with "neither is" 2019-11-26 12:39:34 +00:00
Pieter Wuille
88778d77e8
Merge pull request #155 from jonasnick/negate
Rename is_y_square to is_negated in taproot signing
2019-11-25 13:41:48 -08:00
Orfeas Stefanos Thyfronitis Litos
633b52fbc0
Typo: script signature max bytes unhashed are 247 2019-11-25 16:50:11 +00:00
Orfeas Stefanos Thyfronitis Litos
1e1795de46
Replace signing with signature before validation 2019-11-25 16:43:05 +00:00
Orfeas Stefanos Thyfronitis Litos
75d753868c
Typo: max bytes hashed for sig is 210 2019-11-25 16:25:24 +00:00
Orfeas Stefanos Thyfronitis Litos
8ca122e8fe
Rephrase "previous design choice" to "list above" 2019-11-25 12:25:19 +00:00
Hennadii Stepanov
4fa7cba641
Fix paragraph naming and typo 2019-11-23 21:27:44 +02:00
Jonas Nick
9208857b92 Rename is_y_square to is_negated in taproot signing 2019-11-22 20:40:20 +00:00
Orfeas Stefanos Thyfronitis Litos
fbd304575f
Replace BIP66 link with BIP146
BIP66 does not mention the inherent ECDSA malleability, but BIP146 does
2019-11-22 11:41:36 +00:00
Pieter Wuille
51c2c12158
Merge pull request #151 from dgpv/patch-5
Nit: bip-schnorr: Add missing dots that denote multiplication
2019-11-21 11:33:09 -08:00
Dmitry Petukhov
75b464ad76
Add missing dots that denote multiplication
Throughout the document, elliptic curve multiplication is denoted with dots,
as in `d'⋅G` as opposed to `d'G`.
This is not the case in one place in the 'Default Signing' section,
and one place in 'Adaptor Signatures' section

Missing dots are added for consistency.
2019-11-22 00:21:05 +05:00