Hi Sjors,

Sorry to be a bit pedantic here, but I think this distinction is important. Are you referring to a pre-SegWit transaction or a SegWit transaction? It’s crucial to analyze these separately, as SegWit was designed to solve transaction malleability, which affects how we assess backward compatibility concerns when disallowing 64-byte transactions.

In the future, it would be helpful to explicitly specify “pre-segwit” or “segwit” when discussing potential transactions. In my draft BIP, I differentiate between these two types when evaluating the backward compatibility risks of disallowing 64-byte transactions. Additionally, as I mentioned earlier (and as I believe Jeremy has also raised concerns about), there are potential future compatibility issues with segwit transactions.

I'll take a closer look at the Stack Exchange examples and share my thoughts there when I have a bit of time.

Thanks for diving into this in detail—I really appreciate it.

- Chris


On Fri, Mar 28, 2025 at 7:48 AM Sjors Provoost <sjors@sprovoost.nl> wrote:
Hi Chris,

Thanks for that example.

I also realised that there indeed can exist 64 byte transactions that can't be malleated into a different size (see Stack Exchange link below). The example uses SIGHASH_SINGLE | SIGHASH_ANYONECANPAY, so as long as our hypothetical smart contracting system uses those flags for its burn-all / giveaway-all clauses, then if it produces a 64 byte transaction by mistake, it's recoverable.

But a SIGHASH_ALL could get stuck (can't be confirmed, can't be modified). And IIUC with OP_CTV even a SIGHASH_SINGLE | SIGHASH_ANYONECANPAY, once committed inside a CTV tree, can't be modified.

- Sjors

Op 28 mrt 2025, om 12:02 heeft Chris Stewart <stewart.chris1234@gmail.com> het volgende geschreven:

Hi Sjors,

An example is any segwit transaction that 1 input 1 output that pays to a 2 byte witness program. Since witness data doesn't count towards the 64 byte limit, the witness could be of arbitrary size. This was pointed out by garlonicon on delvingbitcoin. This type of witness program is used for pay-to-anchor outputs currently - although I don't believe anchor outputs make sense in a 1 input 1 output transaction? The author of pay to anchor outputs is aware of this issue, but I haven't heard of any further updates since his post on delving.

-Chris

On Fri, Mar 28, 2025 at 4:25 AM Sjors Provoost <sjors@sprovoost.nl> wrote:

> Op 27 mrt 2025, om 21:45 heeft jeremy <jeremy.l.rubin@gmail.com> het volgende geschreven:
>
> I'm also personally strongly against removing 64-byte transactions. It's a wart in how transactions work, and future upgrades (especially around tx programmability) might integrate very poorly with this kind of edge condition.

Do you have an example in mind where a 64-byte transaction could appear in such a system?

Given the limited space, in particular no room for a public key or signature, I could imagine a burn or anyone-can-spend clause. Those don't have to be exactly 64 bytes. Even if 64 byte transactions are generated by accident, I believe they can be tweaked after the fact (though that claim could use more scrutiny):

https://bitcoin.stackexchange.com/q/125971/4948


--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAGL6%2BmHuVgWc9ATjRnBz%2Bb7SJyz84La8q9jeM%3Dyiw-Anh%3Da3ag%40mail.gmail.com.