public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] Malleability and MtGox's announcement
Date: Mon, 10 Feb 2014 13:28:42 +0100	[thread overview]
Message-ID: <CAPg+sBi-phaw3hDgguk-LYrPsKX4M5snTJBv_NsQML1M=XgZEw@mail.gmail.com> (raw)

Hi all,

I was a bit surprised to see MtGox's announcement. The malleability of
transactions was known for years already (see for example the wiki
article on it, https://en.bitcoin.it/wiki/Transaction_Malleability it,
or mails on this list from 2012 and 2013). I don't consider it a very
big problem, but it does make it harder for infrastructure to interact
with Bitcoin. If we'd design Bitcoin today, I'm sure we would try to
avoid it altogether to make life easier for everyone.

But we can't just change all infrastructure that exists today. We're
slowly working towards making malleability harder (and hopefully
impossible someday), but this will take a long time. For example, 0.8
not supporting non-DER encoded signatures was a step in that direction
(and ironically, the trigger that caused MtGox's initial problems
here). In any case, this will take years, and nobody should wait for
this.

There seem to be two more direct problems here.
* Wallets which deal badly with modified txids.
* Services that use the transaction id to detect unconfirming transactions.

The first is something that needs to be done correctly in software -
it just needs to be aware of malleability.

The second is something I was unaware of and would have advised
against. If you plan on reissuing a transaction because on old version
doesn't confirm, make sure to make it a double spend of the first one
- so that not both can confirm.

I certainly don't like press making this sound like a problem in the
Bitcoin protocol or clients. I think this is an issue that needs to be
solved at the layer above - the infrastructure building on the Bitcoin
system. Despite that, I do think that we (as a community, not just
developers) can benefit from defining a standard way to identify
transactions unambiguously. This is something Mark Karpeles suggested
a few days ago, and my proposal is this:

We define the normalized transaction id as SHA256^2(normalized_tx +
0x01000000), where normalized_tx is the transaction with all input
scripts replaced by empty scripts. This is exactly what would be
signed inside transaction signatures using SIGHASH_ALL (except not
substituting the previous scriptPubKey to be signed, and not dealing
with the input being signed specially). An implementation is here:
https://github.com/sipa/bitcoin/commits/normtxid.

Note that this is not a solution for all problems related to
malleability, but maybe it can make people more aware of it, in
tangible way.

-- 
Pieter



             reply	other threads:[~2014-02-10 12:28 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-10 12:28 Pieter Wuille [this message]
2014-02-10 16:14 ` [Bitcoin-development] Malleability and MtGox's announcement Troy Benjegerdes
2014-02-10 16:57   ` Nick Simpson
2014-02-10 18:02     ` Troy Benjegerdes
     [not found]   ` <CANOOu=_rQfRORmbEWz=1MVk9dK26ddiCeyeHMaua6iyioBUr4g@mail.gmail.com>
2014-02-10 17:54     ` Troy Benjegerdes
2014-02-10 19:47 ` Oliver Egginger
2014-02-10 20:40   ` Gregory Maxwell
2014-02-10 20:47   ` Tier Nolan
2014-02-10 20:55     ` Gregory Maxwell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPg+sBi-phaw3hDgguk-LYrPsKX4M5snTJBv_NsQML1M=XgZEw@mail.gmail.com' \
    --to=pieter.wuille@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox