Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZIP-143/244: Clarify how prevouts from coinbase transactions are hashed in the sighash computation #535

Open
conradoplg opened this issue Jul 8, 2021 · 1 comment
Open

ZIP-143/244: Clarify how prevouts from coinbase transactions are hashed in the sighash computation #535

conradoplg opened this issue Jul 8, 2021 · 1 comment

Comments

@conradoplg
Copy link
Contributor

In ZIP-143 and ZIP-244 it's not clear how the prevouts of coinbase transactions should be handled. This may have contributed to a bug in Zebra.

The expected behaviour is implicit, since Bitcoin uses a "fake" outpoint for coinbase transactions and this outpoint is what must be hashed.

It would be helpful to mention this explicitly in those ZIPs.
@conradoplg conradoplg mentioned this issue Jul 8, 2021
Merged
3 tasks
@str4d
Copy link
Collaborator

str4d commented Oct 8, 2024

AFAICT the prevouts for coinbase transactions are explicitly specified.

Protocol Spec 3.11 Coinbase Transactions:

A transaction that has a single transparent input with a null prevout field, is called a coinbase transaction.

S.2: transparent_sig_digest:

If we are producing a hash for either a coinbase transaction, or a non-coinbase transaction that has no transparent inputs, the value of transparent_sig_digest is identical to the value specified in section T.2.

T.2: transparent_digest:

In the case that transparent inputs or outputs are present, the transparent digest consists of a BLAKE2b-256 hash of the following values

T.2a: prevouts_digest (32-byte hash)
T.2b: sequence_digest (32-byte hash)
T.2c: outputs_digest  (32-byte hash)

T.2a: prevouts_digest:

A BLAKE2b-256 hash of the field encoding of all outpoint field values of transparent inputs to the transaction.

ZIP 244 Terminology:

The term "field encoding" refers to the binary serialized form of a Zcash transaction field, as specified in section 7.1 of the Zcash protocol specification.

7.1 Transaction Encoding and Consensus:

Transparent inputs, encoded as in Bitcoin.

The Bitcoin coinbase format you referenced above:

Bytes Name Data Type Description
32 hash (null) char[32] A 32-byte null, as a coinbase has no previous outpoint.
4 index (UINT32_MAX) uint32_t 0xffffffff, as a coinbase has no previous outpoint.

Thus, the required field encoding of the output field values for the transparent input of a coinbase transaction, is the field encoding of a null prevout. And indeed that is what we use.

I will note that "3.11 Coinbase Transactions" was added to the protocol spec in March 2022, after the Zebra bug occurred and this issue was filed. However, ZIP 244 is clear that the encoding is the one used in the transaction, and AFAIK Zebra did not have a bug in how it parsed and serialized coinbase transactions (and thus must have been correctly handling null prevouts).

I also note an issue with that March 2022 change: the protocol spec uses "null prevout" and "non-null prevout", but does not specify "prevout" AFAICT.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@conradoplg @str4d