public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Christian Decker <decker.christian@gmail.com>
To: Stephen <stephencalebmorse@gmail.com>, "s7r@sky-ip.org" <s7r@sky-ip.org>
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [BIP] Normalized Transaction IDs
Date: Tue, 19 May 2015 08:28:58 +0000	[thread overview]
Message-ID: <CALxbBHXC=jc+7Vj-3-VT7kj-+V6ORdeJPr_G9ymOcJyFZ3hy=A@mail.gmail.com> (raw)
In-Reply-To: <AC0B3BAC-0934-46A3-B29A-F74238616F72@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 6586 bytes --]

Thanks Stephen, I hadn't thought about BIP 34 and we need to address this
in both proposals. If we can avoid it I'd like not to have one transaction
hashed one way and other transactions in another way.

Since BIP 34 explicitly uses the scriptSig to make the coinbase transaction
unique, simply removing the scriptSig is not an option as it would
potentially cause collisions. I don't remember why the scriptSig was
chosen, but we also have the option of putting the blockchain height in the
sequence number of the coinbase input or the locktime of the transaction,
restoring the uniqueness constraint in normalized transaction IDs (for both
proposals). Is there a specific reason why that was not chosen at the time?

On Sat, May 16, 2015 at 5:58 AM Stephen <stephencalebmorse@gmail.com> wrote:

> We should make sure to consider how BIP34 affects normalized transaction
> ids, since the height of the block is included in the scriptSig ensuring
> that the txid will be different. We wouldn't want to enable replay attacks
> in the form of spending coinbase outputs in the same way they were spent
> from a previous block.
>
> So maybe normalized txids should strip the scriptSigs of all transactions
> except for coinbase transactions? This seems to make sense, since coinbase
> transactions are inherently not malleable anyway.
>
> Also, s7r linked to my 'Build your own nHashType' proposal (although V2 is
> here:
> https://github.com/scmorse/bitcoin-misc/blob/master/sighash_proposal_v2.md).
> I just wanted to add that I think even with normalized ids, it could still
> be useful to be able to apply these flags to choose which parts of the
> transaction become signed. I've also seen vague references to some kind of
> a merklized abstract syntax tree, but am not fully sure how that would
> work. Maybe someone on here could explain it?
>
> Best,
> Stephen
>
>
>
> > On May 15, 2015, at 5:54 AM, s7r <s7r@sky-ip.org> wrote:
> >
> > Hello,
> >
> > How will this exactly be safe against:
> > a) the malleability of the parent tx (2nd level malleability)
> > b) replays
> >
> > If you strip just the scriptSig of the input(s), the txid(s) can still
> > be mutated (with higher probability before it gets confirmed).
> >
> > If you strip both the scriptSig of the parent and the txid, nothing can
> > any longer be mutated but this is not safe against replays. This could
> > work if we were using only one scriptPubKey per tx. But this is not
> > enforced, and I don't think it's the proper way to do it.
> >
> > Something similar can be achieved if you would use a combination of
> > flags from here:
> >
> > https://github.com/scmorse/bitcoin-misc/blob/master/sighash_proposal.md
> >
> > But this has some issues too.
> >
> > I've read your draft but didn't understand how exactly will this prevent
> > normal malleability as we know it, second level malleability and replays
> > as well as how will we do the transition into mapping the txes in the
> > blockchain to normalized txids. Looking forward to read more on this
> > topic. Thanks for the brainstorming ;)
> >
> >
> >> On 5/13/2015 3:48 PM, Christian Decker wrote:
> >> Hi All,
> >>
> >> I'd like to propose a BIP to normalize transaction IDs in order to
> >> address transaction malleability and facilitate higher level protocols.
> >>
> >> The normalized transaction ID is an alias used in parallel to the
> >> current (legacy) transaction IDs to address outputs in transactions. It
> >> is calculated by removing (zeroing) the scriptSig before computing the
> >> hash, which ensures that only data whose integrity is also guaranteed by
> >> the signatures influences the hash. Thus if anything causes the
> >> normalized ID to change it automatically invalidates the signature. When
> >> validating a client supporting this BIP would use both the normalized tx
> >> ID as well as the legacy tx ID when validating transactions.
> >>
> >> The detailed writeup can be found
> >> here:
> https://github.com/cdecker/bips/blob/normalized-txid/bip-00nn.mediawiki.
> >>
> >> @gmaxwell: I'd like to request a BIP number, unless there is something
> >> really wrong with the proposal.
> >>
> >> In addition to being a simple alternative that solves transaction
> >> malleability it also hugely simplifies higher level protocols. We can
> >> now use template transactions upon which sequences of transactions can
> >> be built before signing them.
> >>
> >> I hesitated quite a while to propose it since it does require a hardfork
> >> (old clients would not find the prevTx identified by the normalized
> >> transaction ID and deem the spending transaction invalid), but it seems
> >> that hardforks are no longer the dreaded boogeyman nobody talks about.
> >> I left out the details of how the hardfork is to be done, as it does not
> >> really matter and we may have a good mechanism to apply a bunch of
> >> hardforks concurrently in the future.
> >>
> >> I'm sure it'll take time to implement and upgrade, but I think it would
> >> be a nice addition to the functionality and would solve a long standing
> >> problem :-)
> >>
> >> Please let me know what you think, the proposal is definitely not set in
> >> stone at this point and I'm sure we can improve it further.
> >>
> >> Regards,
> >> Christian
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> One dashboard for servers and applications across Physical-Virtual-Cloud
> >> Widest out-of-the-box monitoring support with 50+ applications
> >> Performance metrics, stats and reports that give you Actionable Insights
> >> Deep dive visibility with transaction tracing using APM Insight.
> >> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> >>
> >>
> >>
> >> _______________________________________________
> >> Bitcoin-development mailing list
> >> Bitcoin-development@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >
> >
> ------------------------------------------------------------------------------
> > One dashboard for servers and applications across Physical-Virtual-Cloud
> > Widest out-of-the-box monitoring support with 50+ applications
> > Performance metrics, stats and reports that give you Actionable Insights
> > Deep dive visibility with transaction tracing using APM Insight.
> > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

[-- Attachment #2: Type: text/html, Size: 8953 bytes --]

  parent reply	other threads:[~2015-05-19  8:29 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-13 12:48 [Bitcoin-development] [BIP] Normalized Transaction IDs Christian Decker
2015-05-13 13:12 ` Tier Nolan
2015-05-13 13:41   ` Gavin Andresen
2015-05-13 15:24     ` Christian Decker
2015-05-13 16:18       ` Tier Nolan
2015-05-13 16:34 ` Luke Dashjr
2015-05-13 17:14 ` Pieter Wuille
2015-05-13 18:04   ` Christian Decker
2015-05-13 18:40     ` Pieter Wuille
2015-05-13 19:14       ` Christian Decker
2015-05-13 19:40         ` Pieter Wuille
2015-05-13 18:11   ` Tier Nolan
2015-05-13 20:27     ` Tier Nolan
2015-05-13 20:31       ` Pieter Wuille
2015-05-13 20:32         ` Tier Nolan
2015-05-14  0:37           ` Pieter Wuille
2015-05-14 11:01             ` Christian Decker
2015-05-14 11:26               ` Christian Decker
2015-05-15  9:54 ` s7r
2015-05-15 10:45   ` Tier Nolan
2015-05-15 16:31   ` Luke Dashjr
2015-05-16  3:58   ` Stephen
2015-05-16 10:52     ` Tier Nolan
2015-05-19  8:28     ` Christian Decker [this message]
2015-05-19  9:13       ` Tier Nolan
2015-05-19 10:43         ` Christian Decker
2015-05-19 12:48           ` Stephen Morse

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALxbBHXC=jc+7Vj-3-VT7kj-+V6ORdeJPr_G9ymOcJyFZ3hy=A@mail.gmail.com' \
    --to=decker.christian@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=s7r@sky-ip.org \
    --cc=stephencalebmorse@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox