Posts

Does SIGHASH_ANYPREVOUT commit to the TapLeaf hash or the full Taproot Merkle path?

When spending a Taproot script-path output with SIGHASH_ANYPREVOUT (BIP118), I want to understand what exactly is committed to regarding the script tree. Specifically: if two UTXOs have the same executed leaf (same TapLeaf hash) but different TapTree structures (different Merkle paths), will the same APO signature validate against both?

I constructed a multi-round Eltoo chain on Inquisition signet, and observed that the APO signature can still be reused across rounds and successfully spend the output. I also confirmed that the same APO signature can spend two different UTXOs with identical scripts and amounts (tx1, tx2).

This suggests that the signature commits to the TapLeaf hash, but not the full Merkle path — and I’d like to confirm whether this is the correct interpretation.

from Recent Questions - Bitcoin Stack Exchange https://ift.tt/8RLqVjy via IFTTT

Why is Bitcoin not starting to act on the quantum threat?

How come the Bitcoin community is not acting on this huge threat? They keep saying it is FUD instead of getting together and coming up with ideas. Without a proper roadmap Bitcoin will be eliminated within the next 4 years! https://www.coindesk.com/tech/2026/03/28/watch-out-bitcoin-devs-google-says-post-quantum-migration-needs-to-happen-by-2029

from Recent Questions - Bitcoin Stack Exchange https://ift.tt/ZDH2Nzc via IFTTT

Web3/crypto service with non-bip39 wordlist recovery phrase

I'm looking for a web-based wallet, web3 service or exchange that uses its own, non-bip39 wordlist. My backup phrase contains the words ministry, goodbye, distribute, and formal - these are not written down incorrectly, since this is an actual screenshot with the full recovery phrase.

The only issue is that I don't remember which service I used this for. I signed up for quite a few back in the day and typically made screenshots rather than writing down the words. Unfortunately, this particular screenshot does not contain the name of the service or the URL...

Any help would be appreciated!

from Recent Questions - Bitcoin Stack Exchange https://ift.tt/1UwgueD via IFTTT

How does CSFS re-keying / laddering avoid replay across UTXOs?

With OP_CHECKSIGFROMSTACK (CSFS), signatures are verified against an explicit message rather than the transaction sighash. This seems to allow the same (sig, message) pair to be reused across different UTXOs, unless something binds the message to a specific context.

Some discussions (e.g. by Jeremy Rubin, https://rubin.io/bitcoin/2024/12/02/csfs-ctv-rekey-symmetry/) mention re-keying or laddering constructions to mitigate this.

My question is: How exactly do CSFS laddering or re-keying schemes prevent cross-UTXO replay in practice? What is the binding mechanism — is it based on chaining commitments, updating keys per step, or something else?

from Recent Questions - Bitcoin Stack Exchange https://ift.tt/NYzps2H via IFTTT

What kind of “contract engineering” roles could emerge from current Bitcoin Script primitives?

I’ve been testing simple opcode combinations — CHECKSIG, CSFS, IK+CSFS... trying to get a feel for what each one actually binds. It feels like the challenge is less about expressiveness, and more about choosing the right kind of binding.

I’m wondering: Do developers see this as its own discipline — not Ethereum-style contracts, but something like designing Bitcoin’s contracts within constraints? Does that map to a distinct kind of engineering role over time? Or is this still just considered script work?

from Recent Questions - Bitcoin Stack Exchange https://ift.tt/7xwDKoX via IFTTT

Unable to sweep paper wallet - notification says "bad connection to Electrum network"

I can't transfer my paper wallet BTC to my wallet (Android); I only get the notification "bad connection to Electrum network". How can I solve the issue and access my BTC?

from Recent Questions - Bitcoin Stack Exchange https://ift.tt/MYw2lnU via IFTTT

How do you build intuition for spotting unsafe opcode compositions early?

I’ve been running opcode composition experiments (e.g. CAT+CSFS, IK+CSFS) on signet. Related: #130613, #130598, Delving thread.

In several cases, the script validates correctly, but still feels structurally unsafe (e.g. replay, cross-UTXO reuse, weak binding).

My question: How do experienced developers recognize these issues early, before they turn into real vulnerabilities? In particular, how do you reason about whether a construction is "too general" or insufficiently bound?

from Recent Questions - Bitcoin Stack Exchange https://ift.tt/1lGnXZD via IFTTT