Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id CE11990 for ; Wed, 21 Oct 2015 07:39:57 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com [209.85.212.169]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E3986E4 for ; Wed, 21 Oct 2015 07:39:56 +0000 (UTC) Received: by wicll6 with SMTP id ll6so61110077wic.1 for ; Wed, 21 Oct 2015 00:39:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=ELv58C6ORMSz0Giq540UCs6TecRw/GZcwRP8INyoh+c=; b=oh52ZmPzYUk6QzgwVdR4iSHVjWRuhVIVCb24T3CnMLx2YWRNFz7ki4tpiGaYze1afR joQq/YFjZqzcCJzQcFyiHBhZJMkVUq4nAD3U1vf2hsRZ2cpb4gQfnKmxwl/x6lUTxOqh OnNIX271aeVfYXiBBXqMCP14Gv/9obmA3mWlXHD6/PqrvABDewn55Fh8RlGPzsXYZvvq qTtrY2TvXZrqml2Auxdtxh4YfJhCxdy24tMj17K63pwovGDvflbsS97e9AMcSg8Aud4a E2Km+z4KsarX/O95oOUUaxmCfjiPKJYk1IcNTPfaNAt0zqwKqluAafCQuOVR19lA/dUU 6xtg== X-Received: by 10.180.206.230 with SMTP id lr6mr9665346wic.69.1445413195262; Wed, 21 Oct 2015 00:39:55 -0700 (PDT) MIME-Version: 1.0 References: <201510210618.56159.luke@dashjr.org> In-Reply-To: <201510210618.56159.luke@dashjr.org> From: Christian Decker Date: Wed, 21 Oct 2015 07:39:45 +0000 Message-ID: To: Luke Dashjr , bitcoin-dev@lists.linuxfoundation.org Content-Type: multipart/alternative; boundary=001a11c3877e0eaf7b0522987c03 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Oct 2015 07:39:57 -0000 --001a11c3877e0eaf7b0522987c03 Content-Type: text/plain; charset=UTF-8 On Wed, Oct 21, 2015 at 8:19 AM Luke Dashjr wrote: > On Monday, October 19, 2015 2:01:04 PM Christian Decker via bitcoin-dev > wrote: > > The proposal is implemented (see below), by computing the normalized > > transaction ID when adding them to the UTXO and storing them along with > the > > coin state. OP_CHECKSIGEX mostly duplicates OP_CHECKSIG and > > OP_CHECKMULTISIG, but I'm hoping somebody can give me some pointers into > > how to best refactor the common functionality into reusable blocks. And > the > > annotating incoming transactions with their normalized inputs is a bit > > cumbersome, maye somebody has some pointers here as well? > This doesn't completely close malleability (which should be documented in > the > BIP), so I'm not sure it's worth the cost, especially if closing > malleability > later on would need more. How about specifying flags upfront in the UTXO- > creating transaction specifying which parts the signature will cover? This > would allow implementation of fully malleability-proof wallets. > As far as I see it the only remaining venues for malleability are the use of sighash flags that are not SIGHASH_ALL, as mentioned in the BIP. Any use of non-sighash_all flags is already an explicit permission to modify the transactions, by adding and removing inputs and outputs, so I don't see how these can be made non-malleable. Am I missing something? > > Additionally, you have a flag to control whether the opcode behaves as > VERIFY > or not. Non-VERIFY is not possible as a softfork (without doing a > second/new > P2SH) since it can be negated. > Yes, this is my mistake and has been pointed out in the PR, I will amend the PR to make the verify flag mandatory, which also guarantees that the top of the stack contains a non-null element, thus resulting in a successful evaluation on non-updated clients. > > Luke > --001a11c3877e0eaf7b0522987c03 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On Wed, Oct 21= , 2015 at 8:19 AM Luke Dashjr <luke@d= ashjr.org> wrote:
On Monda= y, October 19, 2015 2:01:04 PM Christian Decker via bitcoin-dev wrote:
> The proposal is implemented (see below), by computing the normalized > transaction ID when adding them to the UTXO and storing them along wit= h the
> coin state. OP_CHECKSIGEX mostly duplicates OP_CHECKSIG and
> OP_CHECKMULTISIG, but I'm hoping somebody can give me some pointer= s into
> how to best refactor the common functionality into reusable blocks. An= d the
> annotating incoming transactions with their normalized inputs is a bit=
> cumbersome, maye somebody has some pointers here as well?
=

This doesn't completely close malleability (which should be documented = in the
BIP), so I'm not sure it's worth the cost, especially if closing ma= lleability
later on would need more. How about specifying flags upfront in the UTXO- creating transaction specifying which parts the signature will cover? This<= br> would allow implementation of fully malleability-proof wallets.

As far as I see it the only remaining venues for m= alleability are the use of sighash flags that are not SIGHASH_ALL, as menti= oned in the BIP. Any use of non-sighash_all flags is already an explicit pe= rmission to modify the transactions, by adding and removing inputs and outp= uts, so I don't see how these can be made non-malleable. Am I missing s= omething?
=C2=A0

Additionally, you have a flag to control whether the opcode behaves as VERI= FY
or not. Non-VERIFY is not possible as a softfork (without doing a second/ne= w
P2SH) since it can be negated.

Yes, thi= s is my mistake and has been pointed out in the PR, I will amend the PR to = make the verify flag mandatory, which also guarantees that the top of the s= tack contains a non-null element, thus resulting in a successful evaluation= on non-updated clients.
=C2=A0

Luke
--001a11c3877e0eaf7b0522987c03--