bitcoin-dev
Should Graftroot be optional?
Posted on: June 20, 2018 12:12 UTC
Pieter and Tim are discussing the idea that the Graftroot signature is not sign(P, script) but instead sign(P, sighash(tx)). This has advantages, as the Graftroot signature then commits to a single outpoint and cannot be used to spend all outpoints that happen to pay to the same public key P. However, it is unsafe for a Graftroot signature to be "the same" as a signature for a 1-input 1-output transaction. A CoinSwap protocol is presented in which Alice pays Bob for a hash preimage, with a timeout imposed so that Bob must provide the preimage within a specified time. The Graftroot signature should therefore sign a transaction with a specific special nVersion that is then soft-forked to be invalid on-chain. Alternatively, a completely different sighash() algorithm could be used.
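As an added illustration, not code from the thread, here is a toy Python model of the domain separation being proposed: the sighash commits to nVersion, the reserved Graftroot version is rejected by consensus, and a tagged digest is shown as the alternative. An HMAC stands in for the Schnorr signature under P; the version number, serialization and key are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constructed, simplified serialization; not real Bitcoin consensus code.
TX_VERSION = 2                   # ordinary transaction nVersion
GRAFTROOT_VERSION = 0x7FFFFFFF   # hypothetical reserved nVersion, assumed soft-forked invalid

def sighash(version, outpoint, outputs):
    """Toy sighash: commits to nVersion, one outpoint and the outputs."""
    h = hashlib.sha256()
    h.update(struct.pack("<i", version))
    h.update(outpoint)
    for amount, script in outputs:
        h.update(struct.pack("<q", amount) + script)
    return h.digest()

def graftroot_sighash(outpoint, outputs):
    """Second option from the thread: a separately tagged digest that can never
    equal the digest of any on-chain transaction."""
    tag = hashlib.sha256(b"Graftroot/delegation").digest()
    return hashlib.sha256(tag + tag + sighash(TX_VERSION, outpoint, outputs)).digest()

def sign(key, msg):
    """Stand-in for a Schnorr signature under P: an HMAC keyed by the private key.
    Only the property that it commits to exactly one message matters here."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, msg, sig):
    return hmac.compare_digest(sign(key, msg), sig)

def consensus_accepts(version, outpoint, outputs, sig, key):
    """On-chain validity under the assumed soft fork."""
    if version == GRAFTROOT_VERSION:
        return False                      # delegation message is never a valid tx
    return verify(key, sighash(version, outpoint, outputs), sig)

def demo():
    key = b"alice-key (constructed)"
    outpoint = b"\x11" * 32 + struct.pack("<I", 0)
    outputs = [(100_000, b"<Bob: hash preimage before timeout, else Alice>")]
    delegation = sign(key, sighash(GRAFTROOT_VERSION, outpoint, outputs))
    return {
        # The delegation verifies as a delegation...
        "verifies_as_delegation": verify(key, sighash(GRAFTROOT_VERSION, outpoint, outputs), delegation),
        # ...but not as a plain spend of the same outpoint, and its own message is not a valid tx.
        "spendable_as_plain_tx": consensus_accepts(TX_VERSION, outpoint, outputs, delegation, key),
        "special_version_accepted": consensus_accepts(GRAFTROOT_VERSION, outpoint, outputs, delegation, key),
        # The tagged alternative likewise differs from every on-chain digest.
        "tagged_equals_onchain": graftroot_sighash(outpoint, outputs) == sighash(TX_VERSION, outpoint, outputs),
    }
```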