Fix the InputWeightPrediction constants for DER signatures

The P2WPKH_MAX constant assumed DER signatures in the witness have
a max length of 73. However, their maximum length in practice is 72,
because BIP62 forbids nodes from relaying transactions whose ECDSA
signatures are not canonical (i.e. all sigs must have an s value of
less than n/2). This means s is never encoded with a leading zero
byte, and the signature as a whole never exceeds 72 bytes in total
encoded length. The ground_p2wpkh function was already correct;
only the constant needed to be corrected.
This commit is contained in:
conduition 2023-11-21 06:04:38 +00:00
parent b5ce219c62
commit 4514a80a23
1 changed files with 1 additions and 1 deletions

View File

@ -1321,7 +1321,7 @@ impl InputWeightPrediction {
/// under-paying. See [`ground_p2wpkh`](Self::ground_p2wpkh) if you do use signature grinding. /// under-paying. See [`ground_p2wpkh`](Self::ground_p2wpkh) if you do use signature grinding.
/// ///
/// [signature grinding]: https://bitcoin.stackexchange.com/questions/111660/what-is-signature-grinding /// [signature grinding]: https://bitcoin.stackexchange.com/questions/111660/what-is-signature-grinding
pub const P2WPKH_MAX: Self = InputWeightPrediction::from_slice(0, &[73, 33]); pub const P2WPKH_MAX: Self = InputWeightPrediction::from_slice(0, &[72, 33]);
/// Input weight prediction corresponding to spending of a P2PKH output with the largest possible /// Input weight prediction corresponding to spending of a P2PKH output with the largest possible
/// DER-encoded signature, and a compressed public key. /// DER-encoded signature, and a compressed public key.