public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Luke Dashjr <luke@dashjr.org>
To: Christian Decker <decker.christian@gmail.com>
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs
Date: Wed, 21 Oct 2015 08:39:41 +0000	[thread overview]
Message-ID: <201510210839.42420.luke@dashjr.org> (raw)
In-Reply-To: <CALxbBHVnb-bLx47RcST0ZP2pg2YPzC5TvCDjL1qXqEQLN2qSGA@mail.gmail.com>

On Wednesday, October 21, 2015 8:31:42 AM Christian Decker wrote:
> On Wed, Oct 21, 2015 at 9:52 AM Luke Dashjr <luke@dashjr.org> wrote:
> > On Wednesday, October 21, 2015 7:39:45 AM Christian Decker wrote:
> > > On Wed, Oct 21, 2015 at 8:19 AM Luke Dashjr <luke@dashjr.org> wrote:
> > > > This doesn't completely close malleability (which should be
> > > > documented
> > 
> > in
> > 
> > > > the BIP), so I'm not sure it's worth the cost, especially if closing
> > > > malleability later on would need more. How about specifying flags
> > 
> > upfront
> > 
> > > > in the UTXO-creating transaction specifying which parts the signature
> > > > will cover? This would allow implementation of fully
> > > > malleability-proof wallets.
> > > 
> > > As far as I see it the only remaining venues for malleability are the
> > > use of sighash flags that are not SIGHASH_ALL, as mentioned in the
> > > BIP. Any
> > 
> > use
> > 
> > > of non-sighash_all flags is already an explicit permission to modify
> > > the transactions, by adding and removing inputs and outputs, so I
> > > don't see
> > 
> > how
> > 
> > > these can be made non-malleable. Am I missing something?
> > 
> > Signer malleability is still a notable concern needing consideration.
> > Ideally,
> > wallets should be trying to actively CoinJoin, bump fees on, etc any
> > pending
> > transactions in the background. These forms of malleability affect nearly
> > as
> > many real use cases as third-party malleability.
> > 
> > Luke
> 
> How is signer malleability still a problem if we remove the signatures from
> the transaction ID of the transaction and all preceding transactions? The
> signer can re-sign a transaction but it won't change the transaction ID.

The signer can also change the order of the inputs, the inputs themselves, 
add/remove outputs, etc... all which should be possible without becoming a 
different logical transaction. The only unique property of the logical 
transaction is the scriptPubKey/address.

Luke


  reply	other threads:[~2015-10-21  8:41 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-19 14:01 [bitcoin-dev] [BIP] Normalized transaction IDs Christian Decker
2015-10-19 15:23 ` Tier Nolan
2015-10-19 19:28   ` Christian Decker
2015-10-19 22:22   ` s7r
2015-10-20 10:30     ` Christian Decker
2015-10-21  6:18 ` Luke Dashjr
2015-10-21  7:39   ` Christian Decker
2015-10-21  7:52     ` Luke Dashjr
2015-10-21  8:31       ` Christian Decker
2015-10-21  8:39         ` Luke Dashjr [this message]
2015-10-21  8:44           ` Christian Decker
2015-10-21  8:46             ` Luke Dashjr
2015-10-21 18:22               ` Danny Thorpe
2015-10-21 19:27                 ` Gregory Maxwell
2015-10-21 23:20                 ` Luke Dashjr
2015-10-22  8:26                   ` Christian Decker
2015-10-22  8:57                     ` Gregory Maxwell
2015-10-22 11:54                       ` Christian Decker
2015-10-22  9:05                     ` Luke Dashjr
2015-11-03 20:37                       ` Christian Decker
2015-11-03 20:48                         ` Luke Dashjr
2015-11-03 21:44                           ` Christian Decker
2015-11-03 22:01                             ` Luke Dashjr
2015-11-05 15:27                               ` Jorge Timón
2015-11-05 19:36                                 ` Luke Dashjr
2015-11-05 20:25                                   ` Jorge Timón
2015-11-05 22:46                                     ` s7r
2015-11-05 22:29                                   ` Adam Back
2015-11-06 14:52                                 ` Christian Decker
2015-11-04  4:00                             ` Peter Todd
2015-11-05  9:38                               ` Christian Decker
2015-10-21  7:48   ` Gregory Maxwell
2015-10-21  8:26     ` Gregory Maxwell
2015-10-21  8:49       ` Christian Decker
2015-10-21  8:50         ` Christian Decker
2015-10-21 10:14         ` Gregory Maxwell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201510210839.42420.luke@dashjr.org \
    --to=luke@dashjr.org \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=decker.christian@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox