Ethereum: Why is the signature hash different for each input in a multi-input transaction?
In Ethereum, when a multi-input transaction is executed, the transaction signature hash is different from the input hash. This may seem counterintuitive at first, but it is important to understand why this choice was made.
BIP 14: Substages and Signature Hashes
The Ethereum Block Producer Interface (BPI) allows for multiple inputs in a multi-input transaction. To accommodate these cases, BIP 14 defines substages, which are intermediate hashes that allow transactions to be executed efficiently.
When a substage is created, the Ethereum Virtual Machine (EVM) swaps the previous scriptPubKey for each input, resulting in different signature hashes. This swap is necessary because the EVM needs to make sure that the transaction output addresses and values match the expected ones.
Why different signatures?
Different signatures are not arbitrary; they serve a specific purpose:
- Consistency: By using different inputs with the same
scriptPubKey, we maintain consistency in the output addresses and transaction values.
- Efficiency: The EVM can use these sub-stages to optimize transaction processing, reducing computational overhead and improving overall performance.
- Security: Using different inputs ensures that transactions cannot be maliciously executed by exploiting weaknesses in the system.
Summary
The signature hash of a multi-input transaction is different from the input hash due to the scriptPubKeys substitution. This design choice is rooted in maintaining consistency, optimizing transaction processing, and ensuring security. In Ethereum, we trust the EVM to correctly substitute inputs, allowing us to execute transactions efficiently and securely.
Example Use Case
Consider a multi-entry transaction where two users want to send funds from one account to another using different scriptPubKeys. To perform this transaction, substituting scriptPubKeys will ensure that:
- Output addresses match expectations.
- Transaction processing is efficient.
- Security is maintained.
In summary, different signature digests in multi-entry transactions are a result of EVM’s ability to substitute scriptPubKeys, which balances consistency, efficiency, and security.
