SIGHASH Types¶
links: DSS TOC - Scaling - Index
Challenge
The problem with current signature verification process (OP_CHECKSIG) is that the signature is verified with the public key from the stack which means that, for each spending transaction only one key is able to sign the entire transaction by default. This denies collaborative creation of transactions. The SIGHASH Type works against this by allowing to specify another way of signing transactions. This type specifies which parts of the transaction are removed before the transaction is signed.
This mainly concerns in- and outputs. Fields not in in- or outputs are never removed (locktime and version fields). Input scripts are always removed. The removed parts are unsigned and can thus be changed by other participants. This gives us the ability to collaboratively build transactions.
SIGHASH Types:
SIGHASH_ALL
(default): Sings all inputs and outputs \(\rightarrow\) this will lead to the behavior we had without the SIGHASH types \(\rightarrow\) This is also the reason this is the default (remember Soft Forks?)SIGHASH_NONE
: Signs all inputsSIGHASH_SINGLE
: Signs all inputs and the output of the current inputSIGHASH_ANYONECANPAY
: This means that only the current input will be signed.
Combining SIGHASH_ALL
, SIGHASH_NONE
and SIGHASH_SINGLE
with SIGHASH_ANYONECANPAY
results in additional types:
ALL | ANYONECANPAY
: Current input and all outputs are signed (crowdfunding)NONE | ANYONECANPAY
: Current input but no outputs are signedSINGLE | ANYONECANPAY
: Current input and the corresponding output is signed.
Using SIGHASH types for signature creation leads to following process (simplified):
- Copy transaction
- delete all fields according to the SIGHASH type
- serialize remaining
- append SIGHASH type
- hash
- create signature of the hash
With this we are now able to partially sign transactions if we want to. This makes the transactions more flexible and allows other use cases.
links: DSS TOC - Scaling - Index