You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: zips/zip-0246.rst
+44-21Lines changed: 44 additions & 21 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,41 +32,58 @@ field, as specified in section 7.1 of the Zcash protocol specification
32
32
Abstract
33
33
========
34
34
35
-
This ZIP defines the digest algorithms associated with the v6 transaction format.
36
-
37
-
This proposal also defines the new concept of "sighash versioning": where previously
38
-
each transaction version had a single associated digest algorithm, going forward it
39
-
will be possible for signers to use any digest algorithm within the closed set
40
-
specified for a given transaction version (and made available in consensus via network
41
-
upgrades).
35
+
This ZIP defines the sighash algorithms associated with the v6 transaction
36
+
format.
42
37
38
+
This proposal also defines the new concept of "sighash algorithm versioning":
39
+
where previously each transaction version had a single associated sighash
40
+
algorithm, going forward it will be possible for signers to use any sighash
41
+
algorithm within the closed set specified for a given transaction version (and
42
+
made available in consensus via network upgrades).
43
43
44
44
==========
45
45
Motivation
46
46
==========
47
47
48
-
TBD
49
-
50
-
TODO: Motivate sighash versioning
48
+
The motivation for sighash algorithm versioning is that we want to be able to
49
+
specify the V6 transaction format and signatures without knowing what the
50
+
signatures for atomic swaps in action bundles will need to commit to. This
51
+
allows for future signature hash algorithms to be specified for V6 transactions
52
+
that support signing parts of a transaction while leaving the remainder of the
53
+
transaction malleable, or that commit to additional state that nodes may start
54
+
tracking in a future upgrade and that is not part of an individual transaction
55
+
being signed.
51
56
57
+
Being able to remove support for sighash algorithm versions makes it possible
58
+
to respond effectively in the case that a bug is found in a previously deployed
59
+
sighash algorithm.
52
60
53
61
============
54
62
Requirements
55
63
============
56
64
57
-
- Continue to support existing functionality of the protocol (multisig,
65
+
- Continue to support existing functionality of the protocol (e.g. multisig and
58
66
signing modes for transparent inputs).
59
67
60
-
- It should be possible to update this ZIP with additional digest versions after the first
61
-
version has been deployed in a network upgrade.
68
+
- It should be possible to update this ZIP with additional sighash algorithm
69
+
versions that might have divergent behavior with respect to previous
70
+
versions, after previous versions have been deployed in network upgrades.
71
+
72
+
- It should be possible to disable support for sighash algorithm versions in
73
+
network upgrades.
62
74
75
+
- At the time that one is making a signature, the set of valid sighash
76
+
algorithm versions is known to consensus.
77
+
78
+
- Sighash version information is present alongside the signature.
63
79
64
80
================
65
81
Non-requirements
66
82
================
67
83
68
-
TBD
69
-
84
+
- Sighash algorithm versioning as defined in this ZIP does not need to
85
+
constrain how signature hashes are constructed for future transaction
86
+
versions.
70
87
71
88
=============
72
89
Specification
@@ -79,21 +96,27 @@ Sighash versioning
79
96
Rough summary:
80
97
81
98
- Sighash versions are numbered starting from 0 for each tx version.
82
-
- v0 is by convention the "commit to everything" sighash digest. Other versions can commit to whatever makes sense for desired functionality within that tx version.
83
-
- Have a single byte encoded alongside the signature (not appended the way transparent does) that permits the signer to specify which sighash version they are using.
84
-
- Consensus rules choose the digest algorithm for each signer based on that byte.
99
+
- v0 is by convention the "commit to all effecting data" sighash algorithm. Other
100
+
versions can commit to whatever makes sense for desired functionality within
101
+
that tx version.
102
+
- Have a single byte encoded alongside the signature (not appended in the manner
103
+
of transparent sighash types) that permits the signer to specify which sighash
104
+
algorithm version they are using.
105
+
- Consensus rules choose the digest algorithm for each signer based on that
106
+
byte.
85
107
86
108
----------
87
109
v0 Digests
88
110
----------
89
111
90
-
The v0 digests are based on the v5 transaction digest algorithm defined in ZIP 244 [#zip-0244]_.
112
+
The v0 digests are based on the v5 transaction digest algorithm defined in
113
+
ZIP 244 [#zip-0244]_.
91
114
92
115
TxId Digest
93
116
===========
94
117
95
-
The overall structure of the TxID digest is as follows; each name referenced here will either be
96
-
referenced or described in detail below::
118
+
The overall structure of the TxID digest is as follows; each name referenced
119
+
here will either be referenced or described in detail below::
0 commit comments