Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WDkKk-0000IL-KM for bitcoin-development@lists.sourceforge.net; Thu, 13 Feb 2014 00:39:18 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.48 as permitted sender) client-ip=209.85.216.48; envelope-from=morcos@gmail.com; helo=mail-qa0-f48.google.com; Received: from mail-qa0-f48.google.com ([209.85.216.48]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WDkKj-00084M-JP for bitcoin-development@lists.sourceforge.net; Thu, 13 Feb 2014 00:39:18 +0000 Received: by mail-qa0-f48.google.com with SMTP id f11so15039633qae.7 for ; Wed, 12 Feb 2014 16:39:12 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.140.48.104 with SMTP id n95mr68149926qga.90.1392251952036; Wed, 12 Feb 2014 16:39:12 -0800 (PST) Received: by 10.140.48.208 with HTTP; Wed, 12 Feb 2014 16:39:11 -0800 (PST) In-Reply-To: <201402122252.31060.luke@dashjr.org> References: <52FBD948.906@monetize.io> <201402122252.31060.luke@dashjr.org> Date: Wed, 12 Feb 2014 19:39:11 -0500 Message-ID: From: Alex Morcos To: Luke-Jr Content-Type: multipart/alternative; boundary=001a1135183c0ac14f04f23eebab X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (morcos[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WDkKj-00084M-JP Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] [RFC] [BIP proposal] Dealing with malleability X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Feb 2014 00:39:18 -0000 --001a1135183c0ac14f04f23eebab Content-Type: text/plain; charset=ISO-8859-1 I apologize if this has been discussed many times before. As a long term solution to malleable transactions, wouldn't it be possible to modify the signatures to be of the entire transaction. Why do you have to zero out the inputs? I can see that this would be a hard fork, and maybe it would be somewhat tricky to extract signatures first (since you can sign everything except the signatures), but it would seem to me that this is an important enough change to consider making. On Wed, Feb 12, 2014 at 5:52 PM, Luke-Jr wrote: > On Wednesday, February 12, 2014 8:27:52 PM Mark Friedenbach wrote: > > On 02/12/2014 08:44 AM, Alan Reiner wrote: > > > Changing the protocol to use these static IDs is a pretty fundamental > > > change that would never happen in Bitcoin. But they can still be > > > useful at the application level to mitigate these issues. > > > > Not to mention that it would be potentially very insecure to have > > consensus depend on data (scriptSigs) which are not hashed in the Merkle > > structure of a block. > > > > Not that anyone on this list has suggested such a change, but I've seen > > it raised multiple times on the forum.... > > This would be a problem if it was used in the merkle tree, but I'm pretty > sure > using it for input selection would be pretty safe. One could even avoid the > index by simply using the hashScript as the sole input value; then even > CoinJoins would be safe without breaking chains of transactions (although > this > would break address reuse entirely - but I don't see that as a problem in a > theoretical world). One of those things that an altcoin could improve upon > Bitcoin with... ;) > > > ------------------------------------------------------------------------------ > Android apps run on BlackBerry 10 > Introducing the new BlackBerry 10.2.1 Runtime for Android apps. > Now with support for Jelly Bean, Bluetooth, Mapview and more. > Get your Android app in front of a whole new audience. Start now. > > http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --001a1135183c0ac14f04f23eebab Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
I apologize if this has been discussed many times before.<= div>

As a long term solution to malleable transactions, = wouldn't it be possible to modify the signatures to be of the entire tr= ansaction. =A0Why do you have to zero out the inputs? =A0I can see that thi= s would be a hard fork, and maybe it would be somewhat tricky to extract si= gnatures first (since you can sign everything except the signatures), but i= t would seem to me that this is an important enough change to consider maki= ng.







On Wed, Feb 12, 2014 at 5:52 PM, Luke-Jr <luke@= dashjr.org> wrote:
On Wednesday, February 12, 2= 014 8:27:52 PM Mark Friedenbach wrote:
> On 02/12/2014 08:44 AM, Alan Reiner wrote:
> > Changing the protocol to use these static IDs is a pretty fundame= ntal
> > change that would never happen in Bitcoin. =A0 But they can still= be
> > useful at the application level to mitigate these issues.
>
> Not to mention that it would be potentially very insecure to have
> consensus depend on data (scriptSigs) which are not hashed in the Merk= le
> structure of a block.
>
> Not that anyone on this list has suggested such a change, but I've= seen
> it raised multiple times on the forum....

This would be a problem if it was used in the merkle tree, but I'= m pretty sure
using it for input selection would be pretty safe. One could even avoid the=
index by simply using the hashScript as the sole input value; then even
CoinJoins would be safe without breaking chains of transactions (although t= his
would break address reuse entirely - but I don't see that as a problem = in a
theoretical world). One of those things that an altcoin could improve upon<= br> Bitcoin with... ;)

---------------------------------------------------------------------------= ---
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience. =A0Start now.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D124407151&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--001a1135183c0ac14f04f23eebab--