public inbox for bitcoindev@googlegroups.com
From: Pieter Wuille <pieter.wuille@gmail.com>
To: Christian Decker <decker.christian@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [BIP] Normalized Transaction IDs
Date: Wed, 13 May 2015 11:40:34 -0700
Message-ID: <CAPg+sBjX=u4Osbzr+25w-5QzzhWGKryzW2K-0Xu3gS0eJXUUDw@mail.gmail.com>
In-Reply-To: <CALxbBHU-0huAs_y3cZCfmKKAAq3LHut8DwdSGm+1Rym3pb9j2A@mail.gmail.com>

On Wed, May 13, 2015 at 11:04 AM, Christian Decker <
decker.christian@gmail.com> wrote:

> If the inputs to my transaction have been long confirmed I can be
> reasonably safe in assuming that the transaction hash does not change
> anymore. It's true that I have to be careful not to build on top of
> transactions that use legacy references to transactions that are
> unconfirmed or have few confirmations, however that does not invalidate the
> utility of the normalized transaction IDs.
>

Sufficient confirmations help of course, but make systems like this less
useful for more complex interactions where you have multiple unconfirmed
transactions waiting on each other. I think being able to rely on this
problem being solved unconditionally is what makes the proposal attractive.
For the simple cases, see BIP62.

> I remember reading about the SIGHASH proposal somewhere. It feels really
> hackish to me: It is a substantial change to the way signatures are
> verified, I cannot really see how this is a softfork if clients that did
> not update are unable to verify transactions using that SIGHASH Flag and it
> is adding more data (the normalized hash) to the script, which has to be
> stored as part of the transaction. It may be true that a node observing
> changes in the input transactions of a transaction using this flag could
> fix the problem, however it requires the node's intervention.
>

I think you misunderstand the idea. This is related, but orthogonal to the
ideas about extending the sighash flags that have been discussed here before.

All it's doing is adding a new CHECKSIG operator to script, which, in its
internally used signature hash, 1) removes the scriptSigs from transactions
before hashing 2) replaces the txids in txins by their ntxid. It does not
add any data to transactions, and it is a softfork, because it only impacts
scripts which actually use the new CHECKSIG operator. Wallets that don't
support signing with this new operator would not give out addresses that
use it.

>
> Compare that to the simple and clean solution in the proposal, which does
> not add extra data to be stored, keeps the OP_*SIG* semantics as they are
> and where once you sign a transaction it does not have to be monitored or
> changed in order to be valid.
>

OP_*SIG* semantics don't change here either, we're just adding a superior
opcode (which in most ways behaves the same as the existing operators). I
agree with the advantage of not needing to monitor transactions afterwards
for malleated inputs, but I think you underestimate the deployment costs.
If you want to upgrade the world (eventually, after the old index is
dropped, which is IMHO the only point where this proposal becomes superior
to the alternatives) to this, you're changing *every single piece of
Bitcoin software on the planet*. This is not just changing some validation
rules that are opt-in to use, you're fundamentally changing how
transactions refer to each other.

Also, what do blocks commit to? Do you keep using the old transaction ids
for this? Because if you don't, any relayer on the network can invalidate a
block (and have the receiver mark it as invalid) by changing the txids. You
need to somehow commit to the scriptSig data in blocks still so the POW of
a block is invalidated by changing a scriptSig.

> There certainly are merits using the SIGHASH approach in the short term (it
> does not require a hard fork), however I think the normalized transaction
> ID is a cleaner and simpler long-term solution, even though it requires a
> hard-fork.
>

It requires a hard fork, but more importantly, it requires the whole world
to change their software (not just validation code) to effectively use it.
That, plus large up-front deployment costs (doubling the cache size for
every full node for the same propagation speed is not a small thing) which
may not end up being effective.

-- 
Pieter
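
Added example, not part of the original message or of any Bitcoin implementation: a toy model of the signature hash described above (scriptSigs removed, txids in txins replaced by their ntxid), showing that a re-encoded parent scriptSig changes the txid but not the hash a child's signature would commit to. The names ntxid, new_checksig_hash and make_tx, the definition of ntxid as "hash with every scriptSig emptied", and all byte values are assumptions constructed for illustration.

```python
import hashlib
import struct

def dsha(b):
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def serialize(tx, strip_sigs=False, prev_map=None):
    """Serialize a toy tx; optionally empty scriptSigs and remap prevout ids.
    Counts and lengths stay below 0xfd, so one byte is a valid varint."""
    prev_map = prev_map or {}
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["ins"])])
    for prev_id, vout, script_sig, seq in tx["ins"]:
        sig = b"" if strip_sigs else script_sig
        out += prev_map.get(prev_id, prev_id) + struct.pack("<I", vout)
        out += bytes([len(sig)]) + sig + struct.pack("<I", seq)
    out += bytes([len(tx["outs"])])
    for value, spk in tx["outs"]:
        out += struct.pack("<q", value) + bytes([len(spk)]) + spk
    return out + struct.pack("<I", tx["locktime"])

def txid(tx):
    return dsha(serialize(tx))

def ntxid(tx):
    # Assumption: normalized id = hash with every scriptSig emptied.
    return dsha(serialize(tx, strip_sigs=True))

def new_checksig_hash(tx, parents):
    """Hash described in the message: scriptSigs removed, txids -> ntxids."""
    return dsha(serialize(tx, True, {txid(p): ntxid(p) for p in parents}))

def make_tx(prev_id, script_sig):
    # Constructed sample: one input, one output with a placeholder script.
    return {"version": 1, "ins": [(prev_id, 0, script_sig, 0xFFFFFFFF)],
            "outs": [(50_000, b"\x51")], "locktime": 0}

COIN = bytes.fromhex("11" * 32)            # constructed confirmed outpoint id
parent_a = make_tx(COIN, b"\x01\xaa")      # placeholder "signature" push
parent_b = make_tx(COIN, b"\x4c\x01\xaa")  # same data, different push encoding
child_a = make_tx(txid(parent_a), b"")     # unsigned child spending parent_a
child_b = make_tx(txid(parent_b), b"")     # same child after parent is malleated

if __name__ == "__main__":
    print("txid changes :", txid(parent_a) != txid(parent_b))
    print("ntxid stable :", ntxid(parent_a) == ntxid(parent_b))
    print("sighash equal:", new_checksig_hash(child_a, [parent_a])
          == new_checksig_hash(child_b, [parent_b]))
```

The child's serialized txin still carries the parent's ordinary txid, which is why a malleated parent leaves the signature valid but requires the spender to update the reference, the monitoring cost both authors mention.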
