SIGHASH flags

SIGHASH_NONE & Transaction Malleability
13 mar. 2020
Joshua Henslee
https://www.youtube.com/watch?v=W48ElI6xeDY

 

A SIGHASH flag is used to indicate which part of the transaction is signed by the ECDSA signature. The mechanism provides a flexibility in constructing transactions. There are in total 6 different flag combinations that can be added to a digital signature in a transaction. Note that different inputs can use different SIGHASH flags enabling complex compositions of spending conditions.

NOTE: Currently all BitcoinSV transactions require an additional SIGHASH flag called SIGHASH_FORKID which is 0x00000040

Flag Value including SIGHASH_FORKID Value excluding SIGHASH_FORKID Functional Meaning
SIGHASH_ALL 0x00000041 0x00000001 Sign all inputs and outputs
SIGHASH_NONE 0x00000042 0x00000002 Sign all inputs and no output
SIGHASH_SINGLE 0x00000043 0x00000003 Sign all inputs and the output with the same index
SIGHASH_ALL | ANYONECANPAY 0x000000C1 0x00000081 Sign its own input and all outputs
SIGHASH_NONE | ANYONECANPAY 0x000000C2 0x00000082 Sign its own input and no output
SIGHASH_SINGLE | ANYONECANPAY 0x000000C3 0x00000083 Sign its own input and the output with the same index

The tables below illustrate what is signed and what is not signed in an ECDSA siganture depending on the SIGHASH type used.

Items that are always signed

The signature on any input always signs the TXID and VOUT that comprise the Outpoint being spent as well as the version of the protocol that the transaction is being evaluated under and the locktime being applied to the transaction.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

Items that are never signed

Unlocking scripts are never signed

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

SIGHASH_ALL

SIGHASH_ALL signs all inputs and outputs used to build the transaction. Once an input signed with SIGHASH_ALL is added to a transaction, the transaction’s details cannot be changed without that signature being invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

SIGHASH_SINGLE

SIGHASH_SINGLE signs all inputs and the output that shares the same index as the input being signed. If that output or any inputs are changed that signature becomes invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

SIGHASH_NONE

SIGHASH_NONE signs all inputs and no outputs. Any output can be changed without invalidating the signature however if any inputs are changed that signature becomes invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

SIGHASH_ALL|ANYONECANPAY

`Once an input signed with SIGHASH_ALL|ANYONECANPAY is added to a transaction outputs cannot be changed or added without that signature being invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

SIGHASH_SINGLE|ANYONECANPAY

SIGHASH_SINGLE|ANYONECANPAY signs the input being signed and the output that shares the same index. If that output is changed that signature becomes invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

SIGHASH_NONE|ANYONECANPAY

SIGHASH_NONE|ANYONECANPAY signs a single inputs and no outputs. This type of signature can be used to easily assign funds to a person or smart-contract without creating an on-chain action.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A …..Sig Pa, Tx….. Xa BSV [ChecksigP1]
Outpoint B …..Sig Pb, Tx….. Xb BSV [ChecksigP2]
Outpoint N …..Sig PN, Tx….. XN BSV [ChecksigPm]

Use cases

SIGHASH flags are useful when constructing smart contracts and negotiable transactions in payment channels.

Use Case 1 – Crowdfunding

Using ALL | ANYONECANPAY allows a transaction to have a fixed output or fixed outputs while keeping the input list open. That is, anyone can add their input with their signature to the transaction without invalidating all existing signatures.

Use Case 2 – Blank Check

Using NONE allows anyone to add their desired outputs to the transaction to claim the funds in the input.

Use Case 3 – Modular Transaction

Using SINGLE | ANYONECANPAY modularises a transaction. Any number of these transactions can be combined into one transaction.

References

https://github.com/bitcoin-sv/bitcoin-sv/blob/master/src/script/sighashtype.h

https://wiki.bitcoinsv.io/index.php/SIGHASH_flags

« Back to Glossary Index

Written by Ramon Quesada

Passionate about Blockchain & Bitcoin technology since 2013, Co- Founder of https://avalbit.org, Team Manager in the CoinTelegraph Spain franchise (2016-2017 years) Co. Organizer of the Blockchain Boot camp Valencia 2018, Co. Organizer of the mini Hackathon BitcoinSV Barcelona, in August 2019, current coordinator of the BSV Valencia Meetup. https://telegra.ph/Ramon-Quesada---Links-01-10

SHA-256

Satoshis