From: Christian Decker <decker.christian@gmail•com>
To: Luke Dashjr <luke@dashjr•org>
Cc: bitcoin-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs
Date: Wed, 21 Oct 2015 08:44:53 +0000 [thread overview]
Message-ID: <CALxbBHWOp9Q67bqSd4h=2+28PT_2stWzMBQ=nSvxPqKocx_xtQ@mail.gmail.com> (raw)
In-Reply-To: <201510210839.42420.luke@dashjr.org>
[-- Attachment #1: Type: text/plain, Size: 2533 bytes --]
Hm, that is true as long as the signer is the only signer of the
transaction, otherwise he'd be invalidating the signatures of the other
signers. That can however be fixed by having a canonical ordering of Inputs
and Outputs, which has been discussed before in order to decrease
information that can be gained about the spender. Maybe we can defer to
that effort?
On Wed, Oct 21, 2015 at 10:41 AM Luke Dashjr <luke@dashjr•org> wrote:
> On Wednesday, October 21, 2015 8:31:42 AM Christian Decker wrote:
> > On Wed, Oct 21, 2015 at 9:52 AM Luke Dashjr <luke@dashjr•org> wrote:
> > > On Wednesday, October 21, 2015 7:39:45 AM Christian Decker wrote:
> > > > On Wed, Oct 21, 2015 at 8:19 AM Luke Dashjr <luke@dashjr•org> wrote:
> > > > > This doesn't completely close malleability (which should be
> > > > > documented
> > >
> > > in
> > >
> > > > > the BIP), so I'm not sure it's worth the cost, especially if
> closing
> > > > > malleability later on would need more. How about specifying flags
> > >
> > > upfront
> > >
> > > > > in the UTXO-creating transaction specifying which parts the
> signature
> > > > > will cover? This would allow implementation of fully
> > > > > malleability-proof wallets.
> > > >
> > > > As far as I see it the only remaining venues for malleability are the
> > > > use of sighash flags that are not SIGHASH_ALL, as mentioned in the
> > > > BIP. Any
> > >
> > > use
> > >
> > > > of non-sighash_all flags is already an explicit permission to modify
> > > > the transactions, by adding and removing inputs and outputs, so I
> > > > don't see
> > >
> > > how
> > >
> > > > these can be made non-malleable. Am I missing something?
> > >
> > > Signer malleability is still a notable concern needing consideration.
> > > Ideally,
> > > wallets should be trying to actively CoinJoin, bump fees on, etc any
> > > pending
> > > transactions in the background. These forms of malleability affect
> nearly
> > > as
> > > many real use cases as third-party malleability.
> > >
> > > Luke
> >
> > How is signer malleability still a problem if we remove the signatures
> from
> > the transaction ID of the transaction and all preceding transactions? The
> > signer can re-sign a transaction but it won't change the transaction ID.
>
> The signer can also change the order of the inputs, the inputs themselves,
> add/remove outputs, etc... all which should be possible without becoming a
> different logical transaction. The only unique property of the logical
> transaction is the scriptPubKey/address.
>
> Luke
>
[-- Attachment #2: Type: text/html, Size: 3378 bytes --]
next prev parent reply other threads:[~2015-10-21 8:45 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-19 14:01 Christian Decker
2015-10-19 15:23 ` Tier Nolan
2015-10-19 19:28 ` Christian Decker
2015-10-19 22:22 ` s7r
2015-10-20 10:30 ` Christian Decker
2015-10-21 6:18 ` Luke Dashjr
2015-10-21 7:39 ` Christian Decker
2015-10-21 7:52 ` Luke Dashjr
2015-10-21 8:31 ` Christian Decker
2015-10-21 8:39 ` Luke Dashjr
2015-10-21 8:44 ` Christian Decker [this message]
2015-10-21 8:46 ` Luke Dashjr
2015-10-21 18:22 ` Danny Thorpe
2015-10-21 19:27 ` Gregory Maxwell
2015-10-21 23:20 ` Luke Dashjr
2015-10-22 8:26 ` Christian Decker
2015-10-22 8:57 ` Gregory Maxwell
2015-10-22 11:54 ` Christian Decker
2015-10-22 9:05 ` Luke Dashjr
2015-11-03 20:37 ` Christian Decker
2015-11-03 20:48 ` Luke Dashjr
2015-11-03 21:44 ` Christian Decker
2015-11-03 22:01 ` Luke Dashjr
2015-11-05 15:27 ` Jorge Timón
2015-11-05 19:36 ` Luke Dashjr
2015-11-05 20:25 ` Jorge Timón
2015-11-05 22:46 ` s7r
2015-11-05 22:29 ` Adam Back
2015-11-06 14:52 ` Christian Decker
2015-11-04 4:00 ` Peter Todd
2015-11-05 9:38 ` Christian Decker
2015-10-21 7:48 ` Gregory Maxwell
2015-10-21 8:26 ` Gregory Maxwell
2015-10-21 8:49 ` Christian Decker
2015-10-21 8:50 ` Christian Decker
2015-10-21 10:14 ` Gregory Maxwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALxbBHWOp9Q67bqSd4h=2+28PT_2stWzMBQ=nSvxPqKocx_xtQ@mail.gmail.com' \
--to=decker.christian@gmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=luke@dashjr$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox