You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bip-noreplay.mediawiki
+15-4Lines changed: 15 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,13 +31,11 @@ When this opcode is executed:
31
31
* If the blockchain (in the context of the execution) does not have ParamHeight blocks, the script fails (this failure must not be cached across blocks; it is equivalent to non-final status).
32
32
* If ParamHeight specifies a block deeper than 52596 blocks in the chain (including negative values), the opcode completes successfully and script continues as normal.
33
33
* The second-to-top item on the stack is interpreted as a block hash (ParamBlockHash).
34
-
* If ParamBlockHash is longer than 28 bytes or has leading zeros, the script fails.
35
-
* If ParamBlockHash does not match the block hash of the block specified by ParamHeight, the script fails.
34
+
* If ParamBlockHash is longer than 28 bytes, the script fails.
35
+
* If ParamBlockHash does not match the equivalent ending bytes of the block hash specified by ParamHeight, the script fails.
36
36
37
37
Otherwise, script execution will continue as if a NOP had been executed.
38
38
39
-
FIXME: some way to mask out parts of the block hash for gambling/deterministic-random applications?
40
-
41
39
===Deployment===
42
40
43
41
This BIP will be deployed by "version bits" [[bip-0009.mediawiki|BIP9]] with the '''name''' "cbah" and using '''bit''' TBD.
@@ -77,6 +75,19 @@ Why are blocks older than 52596 deep in the chain not verified?
77
75
* It is assumed that 1 year is sufficient time to double-spend any common UTXOs on all blockchains of interest.
78
76
* If a deeper check is needed, it can be softforked in. Making the check more shallow, on the other hand, is a hardfork.
79
77
78
+
Why is ParamBlockHash allowed to match less than the full block hash?
79
+
80
+
* In a chain split, it is sufficient to check only a few bytes to avoid replay.
81
+
* In all scenarios, it is likely sufficient to check only a minority of the full hash to avoid any realistic chance of replay.
82
+
* Allowing less than the full hash to be specified saves space in transaction data.
83
+
* Using a single byte can be combined with other opcodes (such as <code>OP_LESSTHAN</code>) to enable on-chain gambling logic.
84
+
85
+
What if ParamBlockHash has leading zeros? Should this be prevented?
86
+
87
+
* If leading zeros are included, they should be compared to the actual block hash. (If they were truncated, fewer bytes would be compared.)
88
+
* It is unlikely that the leading zeros will ever be necessary for sufficient precision, so the additional space is not a concern.
89
+
* Since all block hashes are in principle shorter than than 29 bytes, ParamBlockHash may not be larger than 28 bytes.
0 commit comments