1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 3C85467
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 21 Oct 2015 07:48:40 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f174.google.com (mail-io0-f174.google.com
[209.85.223.174])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A49F2E3
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 21 Oct 2015 07:48:39 +0000 (UTC)
Received: by iodv82 with SMTP id v82so48681478iod.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 21 Oct 2015 00:48:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:cc:content-type;
bh=pk/55NejMfHLhzAcj20dpS9gDZL4QhOMa+mCx4NsGms=;
b=v1zag/Jz6V6+3OdcIHEVDcmtp0fIkHRnWndjfLuyBtlY1Wg8+kJHpGTC9LnQhMK720
+P4zQpfakWAzp1zobRemLkxjue3N2RYKyU/qYLYNLAFcb2000XQPx9KXL5asl3ELRurp
P6mGj498WGGSQ8m+Oj4tyeIkJUTCWlhksXTZHfEb/AwzQzQaoBJ1/onGjVawHFvS4bHE
/n7bi/X7E6kV1BjhlG3iP+H77iEj4FhjxH63tpuq9QDXmt9nUIrs6kboffcumlnMF4Jk
m36SPwVouqYVnLyXOTBuH163IOW28PJ7v3h9TrGpMDMpw8FE8ittEhNCC4nliKTl2Prl
SvTQ==
MIME-Version: 1.0
X-Received: by 10.107.47.219 with SMTP id v88mr8409281iov.134.1445413719154;
Wed, 21 Oct 2015 00:48:39 -0700 (PDT)
Received: by 10.107.23.197 with HTTP; Wed, 21 Oct 2015 00:48:39 -0700 (PDT)
In-Reply-To: <201510210618.56159.luke@dashjr.org>
References: <CALxbBHU+kdEAh_4+B663vknAAr8OKZpUzVTACORPZi47E=Ehkw@mail.gmail.com>
<201510210618.56159.luke@dashjr.org>
Date: Wed, 21 Oct 2015 07:48:39 +0000
Message-ID: <CAAS2fgT4DU1MuOwo0Qr4yMNRamajD=KrOVP93pzApWMpry-Srg@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Luke Dashjr <luke@dashjr.org>
Content-Type: text/plain; charset=UTF-8
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 07:48:40 -0000
On Wed, Oct 21, 2015 at 6:18 AM, Luke Dashjr via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Monday, October 19, 2015 2:01:04 PM Christian Decker via bitcoin-dev wrote:
>> The proposal is implemented (see below), by computing the normalized
>> transaction ID when adding them to the UTXO and storing them along with the
>> coin state. OP_CHECKSIGEX mostly duplicates OP_CHECKSIG and
>> OP_CHECKMULTISIG, but I'm hoping somebody can give me some pointers into
>> how to best refactor the common functionality into reusable blocks. And the
>> annotating incoming transactions with their normalized inputs is a bit
>> cumbersome, maye somebody has some pointers here as well?
>
> This doesn't completely close malleability (which should be documented in the
> BIP), so I'm not sure it's worth the cost, especially if closing malleability
> later on would need more. How about specifying flags upfront in the UTXO-
> creating transaction specifying which parts the signature will cover? This
> would allow implementation of fully malleability-proof wallets.
>
> Additionally, you have a flag to control whether the opcode behaves as VERIFY
> or not. Non-VERIFY is not possible as a softfork (without doing a second/new
> P2SH) since it can be negated.
Flagability cannot work recursively which is necessary for any
improvement to be useful for multi-phase protocols. (which, I think,
is the only real application of this class of improvement-- third
party mutation can be prevented by enforced canonical encodings;)
One still wants sighash flags--, but they're going to inherently
result in malleability.
I'm still sad that uniform segregated witeness is so hard to deploy,
adding another id to every utxo set won't be a nice cost. :( But I
have been trying for a long time to come up with anything better and
not being successful.
|
