Gavin Andresen - 2011-10-06 14:16:05

In an effort to keep discussion on track, I split the discussion of Lamport versus Bernstein signature schemes into its own thread.

So: can anybody think of any potential attacks that would be enabled by having a standard form:

Code:
DUP HASH160 <scripthash> EQUALVERIFY OP_EVAL
... spent by providing:
Code:
<signatures> <serialized script>

The simplest <serialized script> would be <pubkey> CHECKSIG.


Things that occur to me or were brought up in the IRC discussion:


Any other attacks anybody can think of? If implementations are strict in which transaction forms they'll accept as "valid AND mine (counts towards my wallet balance)", but liberal in what transaction forms they'll accept as "valid, but I can't spend it" then it seems to me the risks are small.
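
The strict "valid AND mine" test described in the post, as an added example (not code from the post or from any Bitcoin implementation): a wallet counts an output only when the scriptPubKey is byte-for-byte the standard form and the <scripthash> matches a <pubkey> CHECKSIG script built from one of its own keys. The OP_EVAL opcode value, the function names and the sample keys are assumptions made for the illustration.

```python
import hashlib

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC
OP_EVAL = 0xB0  # assumption: the post gives no opcode value; the OP_NOP1 slot is used here
PUSH_20 = 0x14  # direct push of a 20-byte item


def hash160(data: bytes) -> bytes:
    """RIPEMD160(SHA256(data)), with a stand-in when OpenSSL lacks RIPEMD-160."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Stand-in only, NOT real HASH160: keeps the example runnable everywhere.
        return hashlib.sha256(sha).digest()[:20]


def serialize_checksig(pubkey: bytes) -> bytes:
    """Serialized form of the simplest script: <pubkey> CHECKSIG."""
    return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])


def eval_script_pubkey(script_hash: bytes) -> bytes:
    """DUP HASH160 <scripthash> EQUALVERIFY OP_EVAL as raw bytes."""
    return (bytes([OP_DUP, OP_HASH160, PUSH_20]) + script_hash
            + bytes([OP_EQUALVERIFY, OP_EVAL]))


def classify_output(script_pubkey: bytes, wallet_pubkeys) -> str:
    """Return "mine" only for an exact template match on a hash the wallet can redeem.

    Anything else is "not_mine": it may still be a valid script, but it is
    never counted towards the wallet balance.
    """
    known = {hash160(serialize_checksig(pk)) for pk in wallet_pubkeys}
    head = bytes([OP_DUP, OP_HASH160, PUSH_20])
    tail = bytes([OP_EQUALVERIFY, OP_EVAL])
    exact = (len(script_pubkey) == 25
             and script_pubkey[:3] == head
             and script_pubkey[23:] == tail)
    if exact and script_pubkey[3:23] in known:
        return "mine"
    return "not_mine"


# Constructed sample keys (not real public keys).
MY_KEY = b"\x02" + bytes(range(32))
OTHER_KEY = b"\x03" + bytes(32)
```

An output that embeds one of the wallet's hashes but carries even one extra opcode falls into "not_mine", so a look-alike script cannot inflate the displayed balance.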