SIGHASH_NONE & Transaction Malleability
13 mar. 2020
Joshua Henslee
https://www.youtube.com/watch?v=W48ElI6xeDY
A SIGHASH flag is used to indicate which part of the transaction is signed by the ECDSA signature. The mechanism provides a flexibility in constructing transactions. There are in total 6 different flag combinations that can be added to a digital signature in a transaction. Note that different inputs can use different SIGHASH flags enabling complex compositions of spending conditions.
NOTE: Currently all BitcoinSV transactions require an additional SIGHASH flag called SIGHASH_FORKID which is 0x00000040
Flag | Value including SIGHASH_FORKID | Value excluding SIGHASH_FORKID | Functional Meaning |
---|---|---|---|
SIGHASH_ALL | 0x00000041 | 0x00000001 | Sign all inputs and outputs |
SIGHASH_NONE | 0x00000042 | 0x00000002 | Sign all inputs and no output |
SIGHASH_SINGLE | 0x00000043 | 0x00000003 | Sign all inputs and the output with the same index |
SIGHASH_ALL | ANYONECANPAY | 0x000000C1 | 0x00000081 | Sign its own input and all outputs |
SIGHASH_NONE | ANYONECANPAY | 0x000000C2 | 0x00000082 | Sign its own input and no output |
SIGHASH_SINGLE | ANYONECANPAY | 0x000000C3 | 0x00000083 | Sign its own input and the output with the same index |
The tables below illustrate what is signed and what is not signed in an ECDSA siganture depending on the SIGHASH type used.
Items that are always signed
The signature on any input always signs the TXID and VOUT that comprise the Outpoint being spent as well as the version of the protocol that the transaction is being evaluated under and the locktime being applied to the transaction.
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
Items that are never signed
Unlocking scripts are never signed
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
SIGHASH_ALL
SIGHASH_ALL signs all inputs and outputs used to build the transaction. Once an input signed with SIGHASH_ALL is added to a transaction, the transaction’s details cannot be changed without that signature being invalidated.
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
SIGHASH_SINGLE
SIGHASH_SINGLE signs all inputs and the output that shares the same index as the input being signed. If that output or any inputs are changed that signature becomes invalidated.
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
SIGHASH_NONE
SIGHASH_NONE signs all inputs and no outputs. Any output can be changed without invalidating the signature however if any inputs are changed that signature becomes invalidated.
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
SIGHASH_ALL|ANYONECANPAY
`Once an input signed with SIGHASH_ALL|ANYONECANPAY is added to a transaction outputs cannot be changed or added without that signature being invalidated.
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
SIGHASH_SINGLE|ANYONECANPAY
SIGHASH_SINGLE|ANYONECANPAY signs the input being signed and the output that shares the same index. If that output is changed that signature becomes invalidated.
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
SIGHASH_NONE|ANYONECANPAY
SIGHASH_NONE|ANYONECANPAY signs a single inputs and no outputs. This type of signature can be used to easily assign funds to a person or smart-contract without creating an on-chain action.
TxID | |||
Version | |||
Locktime | |||
Inputs | Outputs | ||
Unlocking Script | Locking Script | ||
Outpoint A | …..Sig Pa, Tx….. | Xa BSV | [ChecksigP1] |
Outpoint B | …..Sig Pb, Tx….. | Xb BSV | [ChecksigP2] |
… | … | … | … |
Outpoint N | …..Sig PN, Tx….. | XN BSV | [ChecksigPm] |
Use cases
SIGHASH flags are useful when constructing smart contracts and negotiable transactions in payment channels.
Use Case 1 – Crowdfunding
Using ALL | ANYONECANPAY allows a transaction to have a fixed output or fixed outputs while keeping the input list open. That is, anyone can add their input with their signature to the transaction without invalidating all existing signatures.
Use Case 2 – Blank Check
Using NONE allows anyone to add their desired outputs to the transaction to claim the funds in the input.
Use Case 3 – Modular Transaction
Using SINGLE | ANYONECANPAY modularises a transaction. Any number of these transactions can be combined into one transaction.
References
https://github.com/bitcoin-sv/bitcoin-sv/blob/master/src/script/sighashtype.h
https://wiki.bitcoinsv.io/index.php/SIGHASH_flags
« Back to Glossary Index