Skip to content

Support exotic sighashes#623

Open
1ma wants to merge 1 commit intoSeedSigner:devfrom
1ma:custom-sighashes
Open

Support exotic sighashes#623
1ma wants to merge 1 commit intoSeedSigner:devfrom
1ma:custom-sighashes

Conversation

@1ma
Copy link
Contributor

@1ma 1ma commented Nov 6, 2024
edited
Loading

Description

Solves issue #545

Before this change, attempting to sign a psbt specifying any sighash other than SIGHASH_ALL would show an error on the Seedsigner.

The gist of the issue is that if the sighash argument of psbt.sign_with() is not explitictly set to None, embit doesn't take the sighash in the psbt into account. With sighash=None, embit signs each input in the manner that the psbt data specifies.

This has been tested in native segwit and taproot. However, taproot transactions with an exotic sighash are not signed correctly. I suspect this could be an issue with embit, not seedsigner.

I'm not sure how to write a test for this change, feedback appreciated.

Testing approach

  1. Set up the Seedsigner emulator and configured it in testnet mode.
  2. Loaded a dummy seed into the seedsigner (e.g. aim 12 times).
  3. Created a cold wallet in Sparrow by exporting the xpub of that seed.
  4. Sent some testnet sats to this new wallet.
  5. Created a transaction from Sparrow. In the next menu, a non-standard sighash such as SINGLE|ACP was chosen.
  6. Scanned the unsigned transaction QR with seedsigner and signed it.
  7. Scanned the signed transaction QR from Sparrow and broadcasted it.

This pull request is categorized as a:

  • New feature
  • Bug fix
  • Code refactor
  • Documentation
  • Other

Checklist

  • I’ve run pytest and made sure all unit tests pass before sumbitting the PR

If you modified or added functionality/workflow, did you add new unit tests?

  • No, I’m a fool
  • Yes
  • N/A

I have tested this PR on the following platforms/os:

Note: Keep your changes limited in scope; if you uncover other issues or improvements along the way, ideally submit those as a separate PR. The more complicated the PR the harder to review, test, and merge.

@1ma
Copy link
Contributor Author

1ma commented Nov 7, 2024

The invalid Taproot transactions have been reproduced in embit itself, so it's not a bug in Seedsigner.

Related issue: diybitcoinhardware/embit#65

@polespinasa
Copy link

polespinasa commented Nov 7, 2024
edited
Loading

Approach ACK
New tests should be added to check the correct functionality. At least for segwit v0 for the moment.

Not tested in my local environment.

@1ma 1ma marked this pull request as ready for review November 7, 2024 15:06
@1ma
Copy link
Contributor Author

1ma commented Nov 8, 2024

Required fix in the Embit library to sign SIGHASH_SINGLE and SIGHASH_ANYONECANPAY Taproot transactions with a Seedsigner: diybitcoinhardware/embit#66

@ekrembal
Copy link

ekrembal commented Jul 1, 2025

Required fix in the Embit library to sign SIGHASH_SINGLE and SIGHASH_ANYONECANPAY Taproot transactions with a Seedsigner: diybitcoinhardware/embit#66

@1ma were you able to build the seedsigner with the embit fix?

@1ma
Copy link
Contributor Author

1ma commented Jul 1, 2025

Yes, and it worked fine.

If I recall correctly I only had to reference my fork of embit and the bugfix branch in Seedsigner's requirements.txt file, though I don't remember the specific pip commands. I tested it in the emulator, but I guess you could as well build an .img file for a real device.

https://github.com/1ma/embit/tree/sighash-taproot-fixes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@1ma @polespinasa @ekrembal