Skip to content

Commit b582f4e

Browse files
committed
bip-noreplay: Redo leading zero logic and allow truncated block hashes
1 parent d7abc41 commit b582f4e

File tree

1 file changed

+15
-4
lines changed

1 file changed

+15
-4
lines changed

bip-noreplay.mediawiki

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,13 +31,11 @@ When this opcode is executed:
3131
* If the blockchain (in the context of the execution) does not have ParamHeight blocks, the script fails (this failure must not be cached across blocks; it is equivalent to non-final status).
3232
* If ParamHeight specifies a block deeper than 52596 blocks in the chain (including negative values), the opcode completes successfully and script continues as normal.
3333
* The second-to-top item on the stack is interpreted as a block hash (ParamBlockHash).
34-
* If ParamBlockHash is longer than 28 bytes or has leading zeros, the script fails.
35-
* If ParamBlockHash does not match the block hash of the block specified by ParamHeight, the script fails.
34+
* If ParamBlockHash is longer than 28 bytes, the script fails.
35+
* If ParamBlockHash does not match the equivalent ending bytes of the block hash specified by ParamHeight, the script fails.
3636
3737
Otherwise, script execution will continue as if a NOP had been executed.
3838

39-
FIXME: some way to mask out parts of the block hash for gambling/deterministic-random applications?
40-
4139
===Deployment===
4240

4341
This BIP will be deployed by "version bits" [[bip-0009.mediawiki|BIP9]] with the '''name''' "cbah" and using '''bit''' TBD.
@@ -77,6 +75,19 @@ Why are blocks older than 52596 deep in the chain not verified?
7775
* It is assumed that 1 year is sufficient time to double-spend any common UTXOs on all blockchains of interest.
7876
* If a deeper check is needed, it can be softforked in. Making the check more shallow, on the other hand, is a hardfork.
7977
78+
Why is ParamBlockHash allowed to match less than the full block hash?
79+
80+
* In a chain split, it is sufficient to check only a few bytes to avoid replay.
81+
* In all scenarios, it is likely sufficient to check only a minority of the full hash to avoid any realistic chance of replay.
82+
* Allowing less than the full hash to be specified saves space in transaction data.
83+
* Using a single byte can be combined with other opcodes (such as <code>OP_LESSTHAN</code>) to enable on-chain gambling logic.
84+
85+
What if ParamBlockHash has leading zeros? Should this be prevented?
86+
87+
* If leading zeros are included, they should be compared to the actual block hash. (If they were truncated, fewer bytes would be compared.)
88+
* It is unlikely that the leading zeros will ever be necessary for sufficient precision, so the additional space is not a concern.
89+
* Since all block hashes are in principle shorter than than 29 bytes, ParamBlockHash may not be larger than 28 bytes.
90+
8091
TODO
8192

8293
==Backwards Compatibility==

0 commit comments

Comments
 (0)