From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WGE6A-0004sG-H0 for bitcoin-development@lists.sourceforge.net; Wed, 19 Feb 2014 20:50:30 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.77 as permitted sender) client-ip=62.13.149.77; envelope-from=pete@petertodd.org; helo=outmail149077.authsmtp.com; Received: from outmail149077.authsmtp.com ([62.13.149.77]) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1WGE68-0004w7-PI for bitcoin-development@lists.sourceforge.net; Wed, 19 Feb 2014 20:50:30 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s1JKoKp7060290; Wed, 19 Feb 2014 20:50:20 GMT Received: from [25.107.78.124] ([24.114.51.245]) (authenticated bits=0) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s1JKnZEh062364; Wed, 19 Feb 2014 20:50:08 GMT User-Agent: K-9 Mail for Android In-Reply-To: <601EE159-9022-4ADF-80AC-7E1C39E86A65@mac.com> References: <52FBD948.906@monetize.io> <201402122252.31060.luke@dashjr.org> <601EE159-9022-4ADF-80AC-7E1C39E86A65@mac.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 From: Peter Todd Date: Wed, 19 Feb 2014 15:49:32 -0500 To: Michael Gronager , Pieter Wuille Message-ID: X-Server-Quench: 700b780a-99a7-11e3-b802-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdwsUHlAWAgsB AmIbWVReVV17WGU7 aQ5PbARZfE9PQQdu VVdMSlVNFEsrAGZ6 WHRrChl0dQZAfDBx bEBhWz5cXEQock59 E1NdHDwBeGZhPWMC AkhYdR5UcAFPdx8U a1UrBXRDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA44JBAX clgxNxQXVVUfQD00 NBUiHxYwEU8VM0M9 eUQgRVJQNhYWDgBX FUBJATNITwAA X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 24.114.51.245/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1WGE68-0004w7-PI Cc: Bitcoin Development Subject: Re: [Bitcoin-development] [RFC] [BIP proposal] Dealing with malleability X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Feb 2014 20:50:30 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 While we might be able to get away with a retroactive change in meaning right now in the future that won't be so easy. There are lots if proposed applications for nLockTime-using protocols that depend on transactions (or parts of transactions) being possible to mine as is. Making existing transactions impossible to mine in the future will break those types of applications. We might as well use this as a learning experience for what a version bump would look like infrastructures wise. Note how the above is a particularly bad example of gmaxwell's generic "don't break things" objection. Equally, remember that lots of infrastructure *does* handle malleability just fine already. On February 19, 2014 3:28:24 PM EST, Michael Gronager wrote: >Twisting your words a bit I read: > >* you want to support relay of transactions that can be changed on the >fly, but you consider it wrong to modify them. >* #3 is already not forwarded, but you still find it relevant to >support it. > >Rational use cases of #3 will be pretty hard to find given the fact >that they can be changed on the fly. We are down to inclusion in blocks >by miners for special purposes - or did I miss out something? > >I think that we could guarantee fewer incidents by making version 1 >transactions unmalleable and then optionally introduce a version 3 that >supported the malleability feature. That way most existing problematic >implementations would be fixed and no doors were closed for people >experimenting with other stuff - tx v 3 would probably then be called >experimental transactions. > >/M > > >On Feb 19, 2014, at 3:38 PM, Pieter Wuille >wrote: > >> On Wed, Feb 19, 2014 at 3:11 PM, Michael Gronager >wrote: >>> Why introduce a new transaction version for this purpose ? Wouldn't >it be more elegant to simply let: >>> >>> 1. the next bitcoin version "prettify" all relayed transactions as >deterministic transactions fulfilling the scheme 1-6 effectively >blocking any malleability attack? If miners would upgrade then all >transactions in blocks would have a deterministic hash. >> >> I consider actively mutating other's transactions worse than not >> relaying them. If we want people to make their software deal with >> malleability, either will work. >> >> Regarding deterministic hash: that's impossible. Some signature hash >> types are inherently (and intentionally) malleable. I don't think we >> should pretend to want to change that. The purpose is making >> non-malleability a choice the sender of a transaction can make. >> >> Most of the rules actually are enforced by IsStandard already now. >> Only #1 and #7 aren't. #1 affects the majority of all transactions, >so >> changing it right now would be painful. #7 only affects multisig. >> >>> 2. In a version later one could block relay of non deterministic >transactions, as well as the acceptance of blocks with non-confirming >transactions. >>> >>> To non-standard conforming clients this "prettify" change of hash >would be seen as a constant malleability attack, but given the >"prettify" code it is to fix any client into producing only conforming >transactions, just by running the transaction through it before >broadcast. >>> >>> There is a possible fork risk in step 2. above - if a majority of >miners still havn't upgraded to 1 when 2 is introduced. We could >monitor % non conforming transaction in a block and only introduce 2. >once that number is sufficiently small for a certain duration - >criteria: >>> * Switch on forcing of unmalleable transactions in blocks when there >has been only conforming transactions for 1000 blocks. >> >> The problem in making these rules into consensus rule (affecting >> tx/block validity) is that some rules (in particular #3) may not be >> wanted by everyone, as they effectively limit the possibilities of >the >> script language further. As it is ultimately only about protecting >> senders who care about non-malleability, introducing a new >transaction >> version is a very neat way of accomplishing that. The new block >> version number is only there to coordinate the rollout, and choosing >> an automatic forking point. >> >> -- >> Pieter > > > >------------------------------------------------------------------------ > >------------------------------------------------------------------------------ >Managing the Performance of Cloud-Based Applications >Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. >Read the Whitepaper. >http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk > >------------------------------------------------------------------------ > >_______________________________________________ >Bitcoin-development mailing list >Bitcoin-development@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/bitcoin-development -----BEGIN PGP SIGNATURE----- Version: APG v1.0.9 iQFQBAEBCAA6BQJTBRjcMxxQZXRlciBUb2RkIChsb3cgc2VjdXJpdHkga2V5KSA8 cGV0ZUBwZXRlcnRvZGQub3JnPgAKCRAZnIM7qOfwhbuuCADHHZvCbWNR+hj3lq2u Xjr8POSsMWk4XorvLftgXSzAzypr7n0BP7+fmz/v0J98XfeOHxf8NHB2VXzFMCzI mstYyFC+gdsPf9eIMoN2S9EB9d4Lh1Y7Zv5BGqopuHCUIVMpzk2QDaFlLe+gW8Ai p4Yv/jGib8ym1ahJ24nZ89l7Psa+uXDw8N2VX5PcyDNVRwzuXwa0h2Kix/gt8uJb RV5Sj3duxUE6mOGN07j6lPu9VcrtD0ydvAO3DoEJqkBqjhbC33h05H96KPQKuGcg 5DOKXUV5ChW5CF3DH5HN/LdduLgbTevtLbkBhdLKo+z5GKaU7Qpc5i6dIeAKl3uA KCQE =DiAE -----END PGP SIGNATURE-----