● Discussion about tagging outputs to enable restricted features on spending: The BIP118 SIGHASH_NOINPUT_UNSAFE (noinput) proposal allows the person generating a signature that authorizes the spend of one UTXO to optionally allow that signature to be reused (“replayed”) for spending other UTXOs sent to the same public key. This enables new features when used with protocols such as payment channels that all contain the same public keys (see the proposed Eltoo layer for LN), but it also makes possible replay attacks that can result in a loss of money when users reuse addresses. For example: Alice uses a coin she previously received to one of her addresses and signs a spend to Bob using SIGHASH_NOINPUT_UNSAFE. Later someone else pays money to that same address of Alice’s intending to send her some more money. Bob (or anyone else) can now send that output to Bob by replaying Alice’s earlier signature.

One way to help avoid such accidents is simply by appending “UNSAFE” to the name of the feature, encouraging developers to learn about the protocol’s nuances before they implement it in their tools. However, some developers have been looking for additional ways to prevent problems. In December, Johnson Lau proposed only allowing noinput to be used if the output being spent had been specially tagged at its creation to allow the use of noinput. This would only allow the feature to be used when both the spender and receiver agreed (as in the case of a payment channel), preventing any miscommunications or misunderstandings from ending in loss of funds.

Renewed discussion last week and this week saw analysis of the impact this would have on proposed layer two protocols such as Eltoo and Channel Factories. Although tagging increases complexity, the general opinion seems to be that it doesn’t fundamentally increase the cost or reduce the effectiveness of the described proposals, although it could make them a bit less private.