public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Christian Decker <decker.christian@gmail.com>
To: s7r@sky-ip.org, bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs
Date: Tue, 20 Oct 2015 10:30:33 +0000	[thread overview]
Message-ID: <CALxbBHVcorvyQnwkDw6O-s6_4uozOY2BB3Aj12H9re2xfyaomA@mail.gmail.com> (raw)
In-Reply-To: <56256D36.5050801@sky-ip.org>

[-- Attachment #1: Type: text/plain, Size: 3541 bytes --]

On Tue, Oct 20, 2015 at 12:23 AM s7r via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> So what exactly is used to create the normalized txid (sha256 hash of
> what data)? I've read in the linked BIP draft that it will strip the
> 'malleable parts' but didn't understand what exactly will be used to
> calculate the normalized transactions ids and how will the change apply
> retro-active for the transactions so deep buried in the blockchain?
>

The normalization involves two steps:
 - strip the scriptSig scripts in the inputs, i.e., the only part whose
integrity is not guaranteed by the signature itself, by replacing the
scripts with empty strings (var length string of size 0)
 - replace the hashes referencing the outputs being spent with the
normalized hashes of the transaction that created the outputs. This is done
recursively down to the first v2 transactions.

The second part is not yet explained in the draft, but I will amend it as
soon as possible.


> Pubkeys (addresses) can be reused infinitely so what guarantees us
> unique normalized txids all the time and protection against replay
> attacks? The question is not if this issue is covered or not, I know it
> is, I am just asking how, in simpler terms.
>

Non-coinbase transactions can still not be replayed since the normalized
transaction still includes a the normalized transaction hashes of claimed
outputs, hence any attempt to replay a transaction would fail since the
outputs were already spent. For coinbase transactions it is indeed possible
that we create multiple transactions with the same hash (only one of which
would be spendable), hence we do not strip coinbase transactions and rely
on BIP 34 to make the coinbase transactions unique (except for blocks 91842
and 91880 which are the reason we introduced BIP 34 in the first place).
Clarifying the way the normalized transaction ID is computed should remove
any ambiguities I hope.


>
> SCRIPT_CHECKSIGEX_NORMALIZE could be explained better in the document.
>
> Will it also fix > third level malleability (a tx which spends from
> another unconfirmed tx which spends from yet another unconfirmed tx)?
>

Yes, if the computation of the normalized transaction ID includes replacing
input hashes with their normalized counterpart makes a chain of any depth
non-malleable.

HTH,
Christian

>
>
> On 10/19/2015 6:23 PM, Tier Nolan via bitcoin-dev wrote:
> > On Mon, Oct 19, 2015 at 3:01 PM, Christian Decker via bitcoin-dev
> > <bitcoin-dev@lists.linuxfoundation.org
> > <mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote:
> >
> >     As with the previous version, which was using a hard-fork, the
> >     normalized transaction ID is computed only considering the
> >     non-malleable parts of a transaction, i.e., stripping the signatures
> >     before computing the hash of the transaction.
> >     <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>
> >
> >
> > Is this proposal recursive?
> >
> > *Coinbase transaction
> > *
> >
> > * n-txid = txid
> >
> > *Non-coinbase transactions
> > *
> > * replace sigScripts with empty strings
> > * replace txids in TxIns with n-txid for parents
> >
> > The 2nd step is recursive starting from the coinbases.
> >
> > In effect, the rule is that txids are what they would have been if
> > n-txids had been used right from the start.
> >
> >
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 5059 bytes --]

  reply	other threads:[~2015-10-20 10:30 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-19 14:01 [bitcoin-dev] [BIP] Normalized transaction IDs Christian Decker
2015-10-19 15:23 ` Tier Nolan
2015-10-19 19:28   ` Christian Decker
2015-10-19 22:22   ` s7r
2015-10-20 10:30     ` Christian Decker [this message]
2015-10-21  6:18 ` Luke Dashjr
2015-10-21  7:39   ` Christian Decker
2015-10-21  7:52     ` Luke Dashjr
2015-10-21  8:31       ` Christian Decker
2015-10-21  8:39         ` Luke Dashjr
2015-10-21  8:44           ` Christian Decker
2015-10-21  8:46             ` Luke Dashjr
2015-10-21 18:22               ` Danny Thorpe
2015-10-21 19:27                 ` Gregory Maxwell
2015-10-21 23:20                 ` Luke Dashjr
2015-10-22  8:26                   ` Christian Decker
2015-10-22  8:57                     ` Gregory Maxwell
2015-10-22 11:54                       ` Christian Decker
2015-10-22  9:05                     ` Luke Dashjr
2015-11-03 20:37                       ` Christian Decker
2015-11-03 20:48                         ` Luke Dashjr
2015-11-03 21:44                           ` Christian Decker
2015-11-03 22:01                             ` Luke Dashjr
2015-11-05 15:27                               ` Jorge Timón
2015-11-05 19:36                                 ` Luke Dashjr
2015-11-05 20:25                                   ` Jorge Timón
2015-11-05 22:46                                     ` s7r
2015-11-05 22:29                                   ` Adam Back
2015-11-06 14:52                                 ` Christian Decker
2015-11-04  4:00                             ` Peter Todd
2015-11-05  9:38                               ` Christian Decker
2015-10-21  7:48   ` Gregory Maxwell
2015-10-21  8:26     ` Gregory Maxwell
2015-10-21  8:49       ` Christian Decker
2015-10-21  8:50         ` Christian Decker
2015-10-21 10:14         ` Gregory Maxwell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALxbBHVcorvyQnwkDw6O-s6_4uozOY2BB3Aj12H9re2xfyaomA@mail.gmail.com \
    --to=decker.christian@gmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=s7r@sky-ip.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox