You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 3, 2020. It is now read-only.
As stated in the protocol specification, in case of multisig addresses spending funds it's necessary that all the required signatures agree and include the same commitment.
Assuming that all the signers check the previous signatures, this allows the last signer to effectively burn all the tokens linked to the UTXO being spent by signing the transaction without the same commitment and broadcasting it to the network.
To overcome this issue my proposal is to ask the signers to sign just the proof first and add all these signatures in a "witness area" of the proof itself. Later, they will all sign the transaction and add the commitment to this proof. In this way, even if only one of the signers adds the commitment in its transaction signature, this is enough to prove that all the party agreed on the proof he owns, since he can also show all the signatures.
This will obviously increase the size of all the proofs coming from multisig addresses, but right now I don't see any other way to fix this. Any ideas?
The text was updated successfully, but these errors were encountered:
Update the references to a "meta-script language", to fix issue #23
Update the example to follow the concept of contract blueprints
Update the specification for multi-sig using sign-to-contract, to fix issue #10
After working on this for a while, we came to the conclusion that it would be too hard to make sign-to-contract work with multisigs. It could still be an option for single sigs though.
As stated in the
protocol specification
, in case of multisig addresses spending funds it's necessary that all the required signatures agree and include the same commitment.Assuming that all the signers check the previous signatures, this allows the last signer to effectively burn all the tokens linked to the UTXO being spent by signing the transaction without the same commitment and broadcasting it to the network.
To overcome this issue my proposal is to ask the signers to sign just the proof first and add all these signatures in a "witness area" of the proof itself. Later, they will all sign the transaction and add the commitment to this proof. In this way, even if only one of the signers adds the commitment in its transaction signature, this is enough to prove that all the party agreed on the proof he owns, since he can also show all the signatures.
This will obviously increase the size of all the proofs coming from multisig addresses, but right now I don't see any other way to fix this. Any ideas?
The text was updated successfully, but these errors were encountered: