Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YtCL1-0006Ui-FH for bitcoin-development@lists.sourceforge.net; Fri, 15 May 2015 09:55:29 +0000 Received-SPF: neutral (sog-mx-1.v43.ch3.sourceforge.com: 162.222.225.20 is neither permitted nor denied by domain of sky-ip.org) client-ip=162.222.225.20; envelope-from=s7r@sky-ip.org; helo=outbound.mailhostbox.com; Received: from outbound.mailhostbox.com ([162.222.225.20]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1YtCKm-0000WE-93 for bitcoin-development@lists.sourceforge.net; Fri, 15 May 2015 09:55:27 +0000 Received: from [0.0.0.0] (manning1.torservers.net [96.44.189.100]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: s7r@sky-ip.org) by outbound.mailhostbox.com (Postfix) with ESMTPSA id 9A92F78184C; Fri, 15 May 2015 09:54:59 +0000 (GMT) Message-ID: <5555C26F.7080706@sky-ip.org> Date: Fri, 15 May 2015 12:54:55 +0300 From: s7r User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: Christian Decker , Bitcoin Development References: In-Reply-To: Content-Type: text/plain; charset=windows-1252 X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=Ou6ysHLt c=1 sm=1 tr=0 a=s8xZHfdCR1WDCFMteBX5PQ==:117 a=s8xZHfdCR1WDCFMteBX5PQ==:17 a=ZDnEzkWgAAAA:8 a=-NIMs_s3AAAA:8 a=SY9aFQKHIdAA:10 a=N659UExz7-8A:10 a=bvjBBkZ6AAAA:8 a=NEAV23lmAAAA:8 a=JcT1meiOAAAA:8 a=FP58Ms26AAAA:8 a=R31bUt4ix5t8YeTpn7cA:9 a=1VWO3H-3S_Oj3jQk:21 a=z4g78kI1aK7fx81u:21 a=pILNOxqGKmIA:10 X-CTCH-RefID: str=0001.0A020203.5555C274.0101, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0 X-CTCH-VOD: Unknown X-CTCH-Spam: Unknown X-CTCH-Score: 0.000 X-CTCH-Rules: X-CTCH-Flags: 0 X-CTCH-ScoreCust: 0.000 X-CTCH-SenderID: s7r@sky-ip.org X-CTCH-SenderID-TotalMessages: 1 X-CTCH-SenderID-TotalSpam: 0 X-CTCH-SenderID-TotalSuspected: 0 X-CTCH-SenderID-TotalBulk: 0 X-CTCH-SenderID-TotalConfirmed: 0 X-CTCH-SenderID-TotalRecipients: 0 X-CTCH-SenderID-TotalVirus: 0 X-CTCH-SenderID-BlueWhiteFlag: 0 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.8 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [162.222.225.20 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 TIME_LIMIT_EXCEEDED Exceeded time limit / deadline X-Headers-End: 1YtCKm-0000WE-93 Subject: Re: [Bitcoin-development] [BIP] Normalized Transaction IDs X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list Reply-To: s7r@sky-ip.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 May 2015 09:55:29 -0000 Hello, How will this exactly be safe against: a) the malleability of the parent tx (2nd level malleability) b) replays If you strip just the scriptSig of the input(s), the txid(s) can still be mutated (with higher probability before it gets confirmed). If you strip both the scriptSig of the parent and the txid, nothing can any longer be mutated but this is not safe against replays. This could work if we were using only one scriptPubKey per tx. But this is not enforced, and I don't think it's the proper way to do it. Something similar can be achieved if you would use a combination of flags from here: https://github.com/scmorse/bitcoin-misc/blob/master/sighash_proposal.md But this has some issues too. I've read your draft but didn't understand how exactly will this prevent normal malleability as we know it, second level malleability and replays as well as how will we do the transition into mapping the txes in the blockchain to normalized txids. Looking forward to read more on this topic. Thanks for the brainstorming ;) On 5/13/2015 3:48 PM, Christian Decker wrote: > Hi All, >=20 > I'd like to propose a BIP to normalize transaction IDs in order to > address transaction malleability and facilitate higher level protocols. >=20 > The normalized transaction ID is an alias used in parallel to the > current (legacy) transaction IDs to address outputs in transactions. It > is calculated by removing (zeroing) the scriptSig before computing the > hash, which ensures that only data whose integrity is also guaranteed b= y > the signatures influences the hash. Thus if anything causes the > normalized ID to change it automatically invalidates the signature. Whe= n > validating a client supporting this BIP would use both the normalized t= x > ID as well as the legacy tx ID when validating transactions. >=20 > The detailed writeup can be found > here: https://github.com/cdecker/bips/blob/normalized-txid/bip-00nn.med= iawiki. >=20 > @gmaxwell: I'd like to request a BIP number, unless there is something > really wrong with the proposal. >=20 > In addition to being a simple alternative that solves transaction > malleability it also hugely simplifies higher level protocols. We can > now use template transactions upon which sequences of transactions can > be built before signing them. >=20 > I hesitated quite a while to propose it since it does require a hardfor= k > (old clients would not find the prevTx identified by the normalized > transaction ID and deem the spending transaction invalid), but it seems > that hardforks are no longer the dreaded boogeyman nobody talks about. > I left out the details of how the hardfork is to be done, as it does no= t > really matter and we may have a good mechanism to apply a bunch of > hardforks concurrently in the future. >=20 > I'm sure it'll take time to implement and upgrade, but I think it would > be a nice addition to the functionality and would solve a long standing > problem :-) >=20 > Please let me know what you think, the proposal is definitely not set i= n > stone at this point and I'm sure we can improve it further. >=20 > Regards, > Christian >=20 >=20 > -----------------------------------------------------------------------= ------- > One dashboard for servers and applications across Physical-Virtual-Clou= d=20 > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insight= s > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y >=20 >=20 >=20 > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development >=20