Skip to content

Allow omitting previousTx for taproot splices #3143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 25, 2025
Merged

Allow omitting previousTx for taproot splices #3143

merged 1 commit into from
Aug 25, 2025

Conversation

t-bast
Copy link
Member

@t-bast t-bast commented Aug 21, 2025

When splicing a taproot channel, both participants will provide a signature for a segwit v1 input: this signature will cover every spent txOut, including their amount and script. This ensures that attackers cannot reuse a signature while replacing a segwit input with a non-segwit input, which could be used to steal funds.

A side-effect of this change in signature behavior is that we don't need to provide the entire previous transaction when both channel participants sign a taproot input. For simplicity, we only allow this simplification when splicing taproot channels for now. We can also allow channel creation based on swap-in-potentiam, which also uses musig2 and has the same non-malleability guarantee (on feature branches for phoenix users).

See https://delvingbitcoin.org/t/malleability-issues-when-creating-shared-transactions-with-segwit-v0/497 for more details.

@t-bast
Allow omitting previousTx for taproot splices
f483917 
When splicing a taproot channel, both participants will provide a
signature for a segwit v1 input: this signature will cover every
spent `txOut`, including their amount and script. This ensures
that attackers cannot reuse a signature while replacing a segwit
input with a non-segwit input, which could be used to steal funds.

A side-effect of this change in signature behavior is that we don't
need to provide the entire previous transaction when both channel
participants sign a taproot input. For simplicity, we only allow
this simplification when splicing taproot channels for now. We can
also allow channel creation based on swap-in-potentiam, which also
uses musig2 and has the same non-malleability guarantee (on feature
branches for phoenix users).
@t-bast t-bast requested a review from sstone August 21, 2025 12:16
@t-bast t-bast mentioned this pull request Aug 21, 2025
Open
2 tasks
sstone
sstone reviewed Aug 25, 2025
View reviewed changes
Copy link
Member

@sstone sstone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one nit

@t-bast t-bast requested a review from sstone August 25, 2025 11:42
@t-bast t-bast merged commit 0e0da42 into master Aug 25, 2025
1 check passed
@t-bast t-bast deleted the allow-omitting-prevtx-taproot branch August 25, 2025 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sstone sstone sstone approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@t-bast @sstone