The Eltoo proposal, brought back another proposal by Joseph Poon on february 2016 about SIGHASH_NOINPUT. Noinput is a sighash flag that does not include the input TXID, TX index or amount of coins, while including the spent output’s script.

We have long known that SIGHASH_NOINPUT would be a great fit for Lightning. They enable simple watch-towers, i.e., outsource the need to watch the blockchain for channel closures, and react appropriately if our counterparty misbehaves. In addition to this we just released the eltoo [3,4] paper which describes a simplified update mechanism that can be used in Lightning, and other off-chain contracts, with any number of participants.

By not committing to the previous output being spent by the transaction, we can rebind an input to point to any outpoint with a matching output script and value. The binding therefore is no longer explicit through a reference, but through script compatibility, and the transaction ID reference in the input is a hint to validators. The sighash flag is meant to enable some off-chain use-cases and should not be used unless the tradeoffs are well-known. In particular we suggest using contract specific key-pairs, in order to avoid having any unwanted rebinding opportunities.

This allows 3rd party users to check transactions without needing to have the full history, one can just provide a signature that encompasses all prior states, which enables user nodes to go offline delegating this signature to a 3rd party to keep watch on the blockchain. This new sighash will be enabled mostly on segwit addresses as it provides sufficient transaction malleability to discourage improperly using it.

Support us and the authors of this article by donating to the following address:


Comments powered by Talkyard.