public inbox for bitcoindev@googlegroups.com
From: Gregory Maxwell <gmaxwell@gmail.com>
To: William Swanson <swansontec@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] 75%/95% threshold for transaction versions
Date: Fri, 24 Apr 2015 20:16:57 +0000
Message-ID: <CAAS2fgSay0DqeWXfZwX-sN71sLHdRLD51PBmnJfJ5+TC0BQ8zg@mail.gmail.com>
In-Reply-To: <CABjHNoTeMiLWkDBUqdV4HJ=nAhj8wqOjD4cypY9Dv2y9HJWJMg@mail.gmail.com>

On Fri, Apr 24, 2015 at 7:58 PM, William Swanson <swansontec@gmail.com> wrote:
> On Thu, Apr 16, 2015 at 9:12 AM, s7r <s7r@sky-ip.org> wrote:
>> Thanks for your reply. I agree. Allen has a good point in the previous
>> email too, so the suggestion might not fix anything and complicate things.
>
> The BIP 62 approach to malleability isn't the only option. Another
> approach is to sign the transaction in such a way that the input
> txid's are allowed to change without invalidating the signatures. That
> way, if malleability happens, you just adjust your transaction to match
> and re-broadcast. That proposal is here:

This is not a free choice. There are several concerns, from mild to
severe, that arise when you do not sign enough.

In particular, not covering the ID allows for transaction replay which
can result in monetary losses far more severe than any possible
mishandling of malleability could result in. Byzantine attackers can
costlessly replay your old transactions any time anyone reuses an
address, even accidentally (which cannot be easily prevented since
they can race).

Other fun effects also show up like being able to backwards compute
signatures to result in a kind of limited covenant: coins which can
only be spent a particular way which has some implications for
fungibility. (See here for a discussion in general of covenants:
https://bitcointalk.org/index.php?topic=278122.0)

There are no free lunches; the proposal linked to there is itself a
game of whack-a-mole with assorted masking flags; many of which we have
no notion of if they're useful for any particular application(s); and
it doesn't provide tools to address the replay issue; and in order to
'improve' malleability via that mechanism you must always mask out the
inputs completely; meaning you'd always be exposed to replay and not
just in specialized 'contract' applications where "there won't be
address reuse" could be a strong assumption enforced by the
application.
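
The replay concern described in the message above, as an added example that is not part of the original email: a toy model comparing a signature digest that commits to the spent outpoint with one that masks it out. HMAC stands in for the real ECDSA signature, and every key, address and transaction here is constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY = b"constructed-demo-key"  # assumption: stand-in for the owner's private key


@dataclass(frozen=True)
class Utxo:
    txid: bytes    # id of the transaction that created the coin
    vout: int      # output index within that transaction
    address: str   # destination the coin was paid to


def digest(utxo, outputs, cover_outpoint):
    """Hash of the fields the signature commits to."""
    h = hashlib.sha256()
    if cover_outpoint:
        # Commit to exactly which coin is spent (txid + index).
        h.update(utxo.txid + utxo.vout.to_bytes(4, "little"))
    h.update(utxo.address.encode())  # the script/address being satisfied
    for addr, value in outputs:
        h.update(addr.encode() + value.to_bytes(8, "little"))
    return h.digest()


def sign(utxo, outputs, cover_outpoint):
    # Toy signature: HMAC over the digest (not how Bitcoin signs).
    return hmac.new(KEY, digest(utxo, outputs, cover_outpoint), hashlib.sha256).digest()


def verify(sig, utxo, outputs, cover_outpoint):
    return hmac.compare_digest(sig, sign(utxo, outputs, cover_outpoint))


def replay_accepted(cover_outpoint):
    """Sign a spend of one coin, then test the same signature on a later coin
    paid to the same (reused) address. True means the old signature replays."""
    first = Utxo(hashlib.sha256(b"constructed tx A").digest(), 0, "addr-reused")
    later = Utxo(hashlib.sha256(b"constructed tx B").digest(), 1, "addr-reused")
    outputs = [("addr-merchant", 49_000)]
    sig = sign(first, outputs, cover_outpoint)
    assert verify(sig, first, outputs, cover_outpoint)  # original spend is valid
    return verify(sig, later, outputs, cover_outpoint)


if __name__ == "__main__":
    print("outpoint masked  -> replay accepted:", replay_accepted(False))
    print("outpoint covered -> replay accepted:", replay_accepted(True))
```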


