Difference between revisions of "SIGHASH flags"

 
(22 intermediate revisions by 2 users not shown)
Line 1: Line 1:
A SIGHASH flag is used to indicate which part of the transaction is signed by the [[Digital Signatures (ECDSA) | ECDSA signature]]. The mechanism provides a flexibility in constructing transactions. There are in total 6 different flags that can be added to a digital signature in a transaction. Note that different inputs can use different SIGHASH flags enabling complex compositions of spending conditions.
+
A SIGHASH [[flag]] is used to indicate which part of the transaction is signed by the [[Elliptic Curve Digital Signature Algorithm| ECDSA signature]]. The mechanism provides a flexibility in constructing transactions. There are in total 6 different flag combinations that can be added to a digital signature in a transaction. Note that different inputs can use different SIGHASH flags enabling complex compositions of spending conditions.
 +
 
 +
'''NOTE: Currently all BitcoinSV transactions require an additional SIGHASH flag called SIGHASH_FORKID which is 0x40'''
  
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
 
! Flag
 
! Flag
! Value
+
! Value including SIGHASH_FORKID </br> HEX / BINARY
 +
! Value excluding SIGHASH_FORKID </br> HEX / BINARY
 
! Functional Meaning
 
! Functional Meaning
 
|-
 
|-
 
| SIGHASH_ALL
 
| SIGHASH_ALL
| 0x00000001
+
| style="text-align: center;" | 0x41 / 0100 0001
 +
| style="text-align: center;" | 0x01 / 0000 0001
 
| Sign all inputs and outputs
 
| Sign all inputs and outputs
 
|-
 
|-
 
| SIGHASH_NONE
 
| SIGHASH_NONE
| 0x00000002
+
| style="text-align: center;" | 0x42 / 0100 0010
 +
| style="text-align: center;" | 0x02 / 0000 0010
 
| Sign all inputs and no output
 
| Sign all inputs and no output
 
|-
 
|-
 
| SIGHASH_SINGLE
 
| SIGHASH_SINGLE
| 0x00000003
+
| style="text-align: center;" | 0x43 / 0100 0011
 +
| style="text-align: center;" | 0x03 / 0000 0011
 
| Sign all inputs and the output with the same index
 
| Sign all inputs and the output with the same index
 
|-
 
|-
 
| SIGHASH_ALL <nowiki>|</nowiki> ANYONECANPAY
 
| SIGHASH_ALL <nowiki>|</nowiki> ANYONECANPAY
| 0x00000081
+
| style="text-align: center;" | 0xC1 / 1100 0001
 +
| style="text-align: center;" | 0x81 / 1000 0001
 
| Sign its own input and all outputs
 
| Sign its own input and all outputs
 
|-
 
|-
 
| SIGHASH_NONE <nowiki>|</nowiki> ANYONECANPAY
 
| SIGHASH_NONE <nowiki>|</nowiki> ANYONECANPAY
| 0x00000082
+
| style="text-align: center;" | 0xC2 / 1100 0010
 +
| style="text-align: center;" | 0x82 / 1000 0010
 
| Sign its own input and no output
 
| Sign its own input and no output
 
|-
 
|-
 
| SIGHASH_SINGLE <nowiki>|</nowiki> ANYONECANPAY
 
| SIGHASH_SINGLE <nowiki>|</nowiki> ANYONECANPAY
| 0x00000083
+
| style="text-align: center;" | 0xC3 / 1100 0011
 +
| style="text-align: center;" | 0x83 / 1000 0011
 
| Sign its own input and the output with the same index
 
| Sign its own input and the output with the same index
 
|}
 
|}
Line 37: Line 46:
 
==Items that are ''always'' signed==
 
==Items that are ''always'' signed==
  
The signature on any input always signs the TXID and VOUT that comprise the Outpoint being spent.
+
The signature on any input always signs the [[TXID]] and [[VOUT]] that comprise the Outpoint being spent as well as the [[Version|version]] of the protocol that the transaction is being evaluated under and the [[nLocktime|locktime]] being applied to the transaction.
  
 
{| class="wikitable" style="text-align: center;"
 
{| class="wikitable" style="text-align: center;"
Line 64: Line 73:
 
|[ChecksigP2]
 
|[ChecksigP2]
 
|-
 
|-
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 
|- style="height: 7em;"
 
|- style="height: 7em;"
 
|style="font-style: italic;"|Outpoint N
 
|style="font-style: italic;"|Outpoint N
Line 102: Line 113:
 
|[ChecksigP2]
 
|[ChecksigP2]
 
|-
 
|-
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold; background: #f5b7b1;"|...
 +
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 
|- style="height: 7em;"
 
|- style="height: 7em;"
 
|style="font-style: italic;"|Outpoint N
 
|style="font-style: italic;"|Outpoint N
Line 140: Line 153:
 
|style="background-color:#abebc6"|[ChecksigP2]
 
|style="background-color:#abebc6"|[ChecksigP2]
 
|-
 
|-
|style="font-style: bold;"|...
+
|style="font-style: bold; background-color:#abebc6;"|...
 
|style="font-style: bold;"|...
 
|style="font-style: bold;"|...
 
|style="font-style: bold; background-color:#abebc6;"|...
 
|style="font-style: bold; background-color:#abebc6;"|...
Line 180: Line 193:
 
|[ChecksigP2]
 
|[ChecksigP2]
 
|-
 
|-
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold; background-color:#abebc6;"|...
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 
|- style="height: 7em;"
 
|- style="height: 7em;"
 
|style="background-color:#abebc6; font-style: italic;"|Outpoint N
 
|style="background-color:#abebc6; font-style: italic;"|Outpoint N
Line 218: Line 233:
 
|[ChecksigP2]
 
|[ChecksigP2]
 
|-
 
|-
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold; background-color:#abebc6;"|...
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 
|- style="height: 7em;"
 
|- style="height: 7em;"
 
|style="background-color:#abebc6; font-style: italic;"|Outpoint N
 
|style="background-color:#abebc6; font-style: italic;"|Outpoint N
Line 256: Line 273:
 
|style="background-color:#abebc6"|[ChecksigP2]
 
|style="background-color:#abebc6"|[ChecksigP2]
 
|-
 
|-
|colspan="2" style="font-style: bold;"|...
+
|style="font-style: bold;"|...
|colspan="2" style="font-style: bold; background-color:#abebc6;"|...
+
|style="font-style: bold;"|...
 +
|style="font-style: bold; background-color:#abebc6;"|...
 +
|style="font-style: bold; background-color:#abebc6;"|...
 
|- style="height: 7em;"
 
|- style="height: 7em;"
 
|style="font-style: italic;"|Outpoint N
 
|style="font-style: italic;"|Outpoint N
Line 294: Line 313:
 
|[ChecksigP2]
 
|[ChecksigP2]
 
|-
 
|-
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 
|- style="height: 7em;"
 
|- style="height: 7em;"
 
|style="font-style: italic;"|Outpoint N
 
|style="font-style: italic;"|Outpoint N
Line 332: Line 353:
 
|[ChecksigP2]
 
|[ChecksigP2]
 
|-
 
|-
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
|colspan="2" style="font-style: bold; |...
+
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 +
|style="font-style: bold;"|...
 
|- style="height: 7em;"
 
|- style="height: 7em;"
 
|style="font-style: italic;"|Outpoint N
 
|style="font-style: italic;"|Outpoint N
Line 345: Line 368:
  
  
Use Case 1 - Crowdfunding
+
===Use Case 1 - Crowdfunding===
 
+
Using ALL <nowiki>|</nowiki> ANYONECANPAY allows a transaction to have a fixed output or fixed outputs while keeping the input list open. That is, anyone can add their input with their signature to the transaction without invalidating all existing signatures.
Using ALL <nowiki>|</nowiki> ANYONECANPAY allows a transaction to have a fixed output or fixed outputs while keep the input list open. That is, anyone can add their input with their signature to the transaction without invalidating all existing signatures.
 
 
 
 
 
Use Case 2 - Blank Check
 
  
Using NONE allows any miner to add their desired outputs to the transaction to claim the fund in the input.
 
  
 +
===Use Case 2 - Blank Check===
 +
Using NONE allows anyone to add their desired outputs to the transaction to claim the funds in the input.
  
Use Case 3 - Modular Transaction
 
  
 +
===Use Case 3 - Modular Transaction===
 
Using SINGLE <nowiki>|</nowiki> ANYONECANPAY modularises a transaction. Any number of these transactions can be combined into one transaction.
 
Using SINGLE <nowiki>|</nowiki> ANYONECANPAY modularises a transaction. Any number of these transactions can be combined into one transaction.
  
 
==References==
 
==References==
 
https://github.com/bitcoin-sv/bitcoin-sv/blob/master/src/script/sighashtype.h
 
https://github.com/bitcoin-sv/bitcoin-sv/blob/master/src/script/sighashtype.h

Latest revision as of 05:42, 21 April 2022

A SIGHASH flag is used to indicate which part of the transaction is signed by the ECDSA signature. The mechanism provides a flexibility in constructing transactions. There are in total 6 different flag combinations that can be added to a digital signature in a transaction. Note that different inputs can use different SIGHASH flags enabling complex compositions of spending conditions.

NOTE: Currently all BitcoinSV transactions require an additional SIGHASH flag called SIGHASH_FORKID which is 0x40

Flag Value including SIGHASH_FORKID
HEX / BINARY
Value excluding SIGHASH_FORKID
HEX / BINARY
Functional Meaning
SIGHASH_ALL 0x41 / 0100 0001 0x01 / 0000 0001 Sign all inputs and outputs
SIGHASH_NONE 0x42 / 0100 0010 0x02 / 0000 0010 Sign all inputs and no output
SIGHASH_SINGLE 0x43 / 0100 0011 0x03 / 0000 0011 Sign all inputs and the output with the same index
SIGHASH_ALL | ANYONECANPAY 0xC1 / 1100 0001 0x81 / 1000 0001 Sign its own input and all outputs
SIGHASH_NONE | ANYONECANPAY 0xC2 / 1100 0010 0x82 / 1000 0010 Sign its own input and no output
SIGHASH_SINGLE | ANYONECANPAY 0xC3 / 1100 0011 0x83 / 1000 0011 Sign its own input and the output with the same index


The tables below illustrate what is signed and what is not signed in an ECDSA siganture depending on the SIGHASH type used.

Items that are always signed

The signature on any input always signs the TXID and VOUT that comprise the Outpoint being spent as well as the version of the protocol that the transaction is being evaluated under and the locktime being applied to the transaction.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

Items that are never signed

Unlocking scripts are never signed

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

SIGHASH_ALL

SIGHASH_ALL signs all inputs and outputs used to build the transaction. Once an input signed with SIGHASH_ALL is added to a transaction, the transaction's details cannot be changed without that signature being invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

SIGHASH_SINGLE

SIGHASH_SINGLE signs all inputs and the output that shares the same index as the input being signed. If that output or any inputs are changed that signature becomes invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

SIGHASH_NONE

SIGHASH_NONE signs all inputs and no outputs. Any output can be changed without invalidating the signature however if any inputs are changed that signature becomes invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

SIGHASH_ALL|ANYONECANPAY

`Once an input signed with SIGHASH_ALL|ANYONECANPAY is added to a transaction outputs cannot be changed or added without that signature being invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

SIGHASH_SINGLE|ANYONECANPAY

SIGHASH_SINGLE|ANYONECANPAY signs the input being signed and the output that shares the same index. If that output is changed that signature becomes invalidated.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

SIGHASH_NONE|ANYONECANPAY

SIGHASH_NONE|ANYONECANPAY signs a single inputs and no outputs. This type of signature can be used to easily assign funds to a person or smart-contract without creating an on-chain action.

TxID
Version
Locktime
Inputs Outputs
Unlocking Script Locking Script
Outpoint A .....Sig Pa, Tx..... Xa BSV [ChecksigP1]
Outpoint B .....Sig Pb, Tx..... Xb BSV [ChecksigP2]
... ... ... ...
Outpoint N .....Sig PN, Tx..... XN BSV [ChecksigPm]

Use cases

SIGHASH flags are useful when constructing smart contracts and negotiable transactions in payment channels.


Use Case 1 - Crowdfunding

Using ALL | ANYONECANPAY allows a transaction to have a fixed output or fixed outputs while keeping the input list open. That is, anyone can add their input with their signature to the transaction without invalidating all existing signatures.


Use Case 2 - Blank Check

Using NONE allows anyone to add their desired outputs to the transaction to claim the funds in the input.


Use Case 3 - Modular Transaction

Using SINGLE | ANYONECANPAY modularises a transaction. Any number of these transactions can be combined into one transaction.

References

https://github.com/bitcoin-sv/bitcoin-sv/blob/master/src/script/sighashtype.h