s7r [ARCHIVE] on Nostr: š Original date posted:2015-05-15 š Original message:Hello, How will this ...
š
Original date posted:2015-05-15
š Original message:Hello,
How will this exactly be safe against:
a) the malleability of the parent tx (2nd level malleability)
b) replays
If you strip just the scriptSig of the input(s), the txid(s) can still
be mutated (with higher probability before it gets confirmed).
If you strip both the scriptSig of the parent and the txid, nothing can
any longer be mutated but this is not safe against replays. This could
work if we were using only one scriptPubKey per tx. But this is not
enforced, and I don't think it's the proper way to do it.
Something similar can be achieved if you would use a combination of
flags from here:
https://github.com/scmorse/bitcoin-misc/blob/master/sighash_proposal.md
But this has some issues too.
I've read your draft but didn't understand how exactly will this prevent
normal malleability as we know it, second level malleability and replays
as well as how will we do the transition into mapping the txes in the
blockchain to normalized txids. Looking forward to read more on this
topic. Thanks for the brainstorming ;)
On 5/13/2015 3:48 PM, Christian Decker wrote:
> Hi All,
>
> I'd like to propose a BIP to normalize transaction IDs in order to
> address transaction malleability and facilitate higher level protocols.
>
> The normalized transaction ID is an alias used in parallel to the
> current (legacy) transaction IDs to address outputs in transactions. It
> is calculated by removing (zeroing) the scriptSig before computing the
> hash, which ensures that only data whose integrity is also guaranteed by
> the signatures influences the hash. Thus if anything causes the
> normalized ID to change it automatically invalidates the signature. When
> validating a client supporting this BIP would use both the normalized tx
> ID as well as the legacy tx ID when validating transactions.
>
> The detailed writeup can be found
> here: https://github.com/cdecker/bips/blob/normalized-txid/bip-00nn.mediawiki.
>
> @gmaxwell: I'd like to request a BIP number, unless there is something
> really wrong with the proposal.
>
> In addition to being a simple alternative that solves transaction
> malleability it also hugely simplifies higher level protocols. We can
> now use template transactions upon which sequences of transactions can
> be built before signing them.
>
> I hesitated quite a while to propose it since it does require a hardfork
> (old clients would not find the prevTx identified by the normalized
> transaction ID and deem the spending transaction invalid), but it seems
> that hardforks are no longer the dreaded boogeyman nobody talks about.
> I left out the details of how the hardfork is to be done, as it does not
> really matter and we may have a good mechanism to apply a bunch of
> hardforks concurrently in the future.
>
> I'm sure it'll take time to implement and upgrade, but I think it would
> be a nice addition to the functionality and would solve a long standing
> problem :-)
>
> Please let me know what you think, the proposal is definitely not set in
> stone at this point and I'm sure we can improve it further.
>
> Regards,
> Christian
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
š Original message:Hello,
How will this exactly be safe against:
a) the malleability of the parent tx (2nd level malleability)
b) replays
If you strip just the scriptSig of the input(s), the txid(s) can still
be mutated (with higher probability before it gets confirmed).
If you strip both the scriptSig of the parent and the txid, nothing can
any longer be mutated but this is not safe against replays. This could
work if we were using only one scriptPubKey per tx. But this is not
enforced, and I don't think it's the proper way to do it.
Something similar can be achieved if you would use a combination of
flags from here:
https://github.com/scmorse/bitcoin-misc/blob/master/sighash_proposal.md
But this has some issues too.
I've read your draft but didn't understand how exactly will this prevent
normal malleability as we know it, second level malleability and replays
as well as how will we do the transition into mapping the txes in the
blockchain to normalized txids. Looking forward to read more on this
topic. Thanks for the brainstorming ;)
On 5/13/2015 3:48 PM, Christian Decker wrote:
> Hi All,
>
> I'd like to propose a BIP to normalize transaction IDs in order to
> address transaction malleability and facilitate higher level protocols.
>
> The normalized transaction ID is an alias used in parallel to the
> current (legacy) transaction IDs to address outputs in transactions. It
> is calculated by removing (zeroing) the scriptSig before computing the
> hash, which ensures that only data whose integrity is also guaranteed by
> the signatures influences the hash. Thus if anything causes the
> normalized ID to change it automatically invalidates the signature. When
> validating a client supporting this BIP would use both the normalized tx
> ID as well as the legacy tx ID when validating transactions.
>
> The detailed writeup can be found
> here: https://github.com/cdecker/bips/blob/normalized-txid/bip-00nn.mediawiki.
>
> @gmaxwell: I'd like to request a BIP number, unless there is something
> really wrong with the proposal.
>
> In addition to being a simple alternative that solves transaction
> malleability it also hugely simplifies higher level protocols. We can
> now use template transactions upon which sequences of transactions can
> be built before signing them.
>
> I hesitated quite a while to propose it since it does require a hardfork
> (old clients would not find the prevTx identified by the normalized
> transaction ID and deem the spending transaction invalid), but it seems
> that hardforks are no longer the dreaded boogeyman nobody talks about.
> I left out the details of how the hardfork is to be done, as it does not
> really matter and we may have a good mechanism to apply a bunch of
> hardforks concurrently in the future.
>
> I'm sure it'll take time to implement and upgrade, but I think it would
> be a nice addition to the functionality and would solve a long standing
> problem :-)
>
> Please let me know what you think, the proposal is definitely not set in
> stone at this point and I'm sure we can improve it further.
>
> Regards,
> Christian
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>