Fix BIP143 standardness rules for CHECKMULTISIG #33759

pull roconnor-blockstream wants to merge 1 commits into bitcoin:master from roconnor-blockstream:bip143-standardness-2025-10 changing 3 files +27 −15
  1. roconnor-blockstream commented at 1:54 am on November 1, 2025: contributor

    From https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#restrictions-on-public-key-type

    > As a default policy, only compressed public keys are accepted in P2WPKH and P2WSH. Each public key passed to a sigop inside version 0 witness program must be a compressed key: the first byte MUST be either 0x02 or 0x03, and the size MUST be 33 bytes. Transactions that break this rule will not be relayed or mined by default.

    PR #8499’s implementation is insufficient to meet BIP143’s requirements as it only checks those pubkeys processed by CHECKMULTISIG, whereas BIP143 requires that every public key passed to the CHECKMULTISIG be validated.

    Note: these restrictions are policy only and not consensus rules.

  2. DrahtBot commented at 1:54 am on November 1, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33759.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept NACK ajtowns

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #33755 (Relax standardness rules regarding CHECKMULTISIG by roconnor-blockstream)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  3. Fix BIP143 standardness rules for CHECKMULTISIG
    From https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#restrictions-on-public-key-type
    
    > As a default policy, only compressed public keys are accepted in P2WPKH and
    > P2WSH. Each public key passed to a sigop inside version 0 witness program must
    > be a compressed key: the first byte MUST be either 0x02 or 0x03, and the size
    > MUST be 33 bytes. Transactions that break this rule will not be relayed or mined
    > by default.
    
    PR #8499's implementation is insufficient to meet BIP143's requirements as it
    only checks those pubkeys processed by CHECKMULTISIG, whereas BIP143 requires
    that every public key passed to the CHECKMULTISIG be validated.
    
    Note: these restrictions are policy only and not consensus rules.
    5ea1ea880e
  4. roconnor-blockstream force-pushed on Nov 3, 2025
  5. ajtowns commented at 8:55 pm on November 3, 2025: contributor
    Concept NACK. This doesn’t seem like a productive use of anyone’s time? “passed to a sigop” is at most ambiguous, and that ambiguity is already resolved by the implementation; if it’s a problem, update the BIP text to match the implementation. Changing the implementation risks “soft” confiscating funds (ie, transactions that were relayable become non-standard and can only be mined directly), which doesn’t seem at all worth doing.
  6. roconnor-blockstream commented at 9:48 pm on November 3, 2025: contributor

    I don’t think the wording “passed to a sigop” is ambiguous at all, but I’m fine with the BIP text being clarified if someone wants to do that instead.

    I don’t have a strong opinion on how to resolve the disagreement. I do think that updating the implementation is slightly better, but only slightly.
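
The two readings of "passed to a sigop" discussed in this thread, as an added example that is not part of the PR or of Bitcoin Core's code: one check covers only the keys CHECKMULTISIG processes, the other covers every key handed to it. The matching walk, the stubbed signature check and all key and signature values are assumptions constructed for illustration.

```python
# Added illustration, not Bitcoin Core code. Signature checks are stubbed and
# all keys and signatures below are constructed sample values.

def is_compressed_pubkey(pk: bytes) -> bool:
    """BIP143 default policy: 33 bytes, first byte 0x02 or 0x03."""
    return len(pk) == 33 and pk[0] in (0x02, 0x03)

def keys_reached(pubkeys, sigs, sig_matches):
    """Assumed model of the matching walk: try keys in order, advance to the
    next signature on a match, stop as soon as every signature is matched."""
    reached, isig = [], 0
    for pk in pubkeys:
        if isig == len(sigs):
            break  # nothing left to match; later keys are never looked at
        reached.append(pk)
        if sig_matches(sigs[isig], pk):
            isig += 1
    return reached

def standard_processed_only(pubkeys, sigs, sig_matches):
    """Policy check applied only to keys the walk reaches."""
    return all(is_compressed_pubkey(pk) for pk in keys_reached(pubkeys, sigs, sig_matches))

def standard_every_key(pubkeys):
    """Policy check applied to every key handed to CHECKMULTISIG."""
    return all(is_compressed_pubkey(pk) for pk in pubkeys)

KEY_A = b"\x02" + b"\x11" * 32         # compressed form
KEY_B = b"\x03" + b"\x22" * 32         # compressed form
KEY_U = b"\x04" + b"\x33" * 64         # uncompressed form, 65 bytes
SIG_FOR = {b"sigA": KEY_A, b"sigB": KEY_B}

def stub_sig_matches(sig, pk):
    """Stand-in for real signature verification."""
    return SIG_FOR.get(sig) == pk

def compare(pubkeys, sigs):
    """Return (processed-only verdict, every-key verdict) for one spend."""
    return (standard_processed_only(pubkeys, sigs, stub_sig_matches),
            standard_every_key(pubkeys))

if __name__ == "__main__":
    sigs = [b"sigA", b"sigB"]
    print(compare([KEY_A, KEY_B, KEY_U], sigs))  # uncompressed key never reached
    print(compare([KEY_U, KEY_A, KEY_B], sigs))  # uncompressed key reached first
    print(compare([KEY_A, KEY_B], sigs))         # all keys compressed
```

The first case is the one where the two readings disagree: a spend that is standard under the processed-only check becomes non-standard when every key is checked, which is the relay change ajtowns raises above.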


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-27 00:13 UTC
