Tier Nolan [ARCHIVE] on Nostr: 📅 Original date posted:2015-05-15 📝 Original message:On Fri, May 15, 2015 at ...
📅 Original date posted:2015-05-15
📝 Original message:On Fri, May 15, 2015 at 10:54 AM, s7r <s7r at sky-ip.org> wrote:
> Hello,
>
> How will this exactly be safe against:
> a) the malleability of the parent tx (2nd level malleability)
>
The signature signs everything except the signature itself. The normalized
txid doesn't include that signature, so mutations of the signature don't
cause the normalized txid to change.
If the refund transaction refers to the parent using the normalised txid,
then it doesn't matter if the parent has a mutated signature. The
normalized transaction ignores the mutation.
If the parent is mutated, then the refund doesn't even have to be modified,
it still refers to it.
If you want a multi-level refund transaction, then all refund transactions
must use the normalized txids to refer to their parents. The "root"
transaction is submitted to the blockchain and locked down.
> b) replays
>
If there are 2 transactions which are mutations of each other, then only
one can be added to the block chain, since the other is a double spend.
The normalized txid refers to all of them, rather than a specific
transaction.
> If you strip just the scriptSig of the input(s), the txid(s) can still
> be mutated (with higher probability before it gets confirmed).
>
Mutation is only a problem if it occurs after signing. The signature signs
everything except the signature itself.
> If you strip both the scriptSig of the parent and the txid, nothing can
> any longer be mutated but this is not safe against replays.
Correct, but normalized txids are safe against replays, so are better.
I think the new signature opcode fixes things too. The question is hard
fork but clean solution vs a soft fork but a little more hassle.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150515/5b2b0e9e/attachment.html>
📝 Original message:On Fri, May 15, 2015 at 10:54 AM, s7r <s7r at sky-ip.org> wrote:
> Hello,
>
> How will this exactly be safe against:
> a) the malleability of the parent tx (2nd level malleability)
>
The signature signs everything except the signature itself. The normalized
txid doesn't include that signature, so mutations of the signature don't
cause the normalized txid to change.
If the refund transaction refers to the parent using the normalised txid,
then it doesn't matter if the parent has a mutated signature. The
normalized transaction ignores the mutation.
If the parent is mutated, then the refund doesn't even have to be modified,
it still refers to it.
If you want a multi-level refund transaction, then all refund transactions
must use the normalized txids to refer to their parents. The "root"
transaction is submitted to the blockchain and locked down.
> b) replays
>
If there are 2 transactions which are mutations of each other, then only
one can be added to the block chain, since the other is a double spend.
The normalized txid refers to all of them, rather than a specific
transaction.
> If you strip just the scriptSig of the input(s), the txid(s) can still
> be mutated (with higher probability before it gets confirmed).
>
Mutation is only a problem if it occurs after signing. The signature signs
everything except the signature itself.
> If you strip both the scriptSig of the parent and the txid, nothing can
> any longer be mutated but this is not safe against replays.
Correct, but normalized txids are safe against replays, so are better.
I think the new signature opcode fixes things too. The question is hard
fork but clean solution vs a soft fork but a little more hassle.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150515/5b2b0e9e/attachment.html>