Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A639C9A for ; Tue, 3 Nov 2015 20:49:03 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id 3A83D8D for ; Tue, 3 Nov 2015 20:49:03 +0000 (UTC) Received: from ishibashi.localnet (unknown [IPv6:2001:470:5:265:61b6:56a6:b03d:28d6]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id 8E42A38A631D; Tue, 3 Nov 2015 20:48:19 +0000 (UTC) X-Hashcash: 1:25:151103:decker.christian@gmail.com::4CMgoQJFKckDrzIb:d6dK X-Hashcash: 1:25:151103:danny.thorpe@gmail.com::V7nDBLxzkkLILF2M:tLoU X-Hashcash: 1:25:151103:bitcoin-dev@lists.linuxfoundation.org::LxpyBbQMRqPsSZKA:fl=4f From: Luke Dashjr To: Christian Decker Date: Tue, 3 Nov 2015 20:48:17 +0000 User-Agent: KMail/1.13.7 (Linux/4.1.9-gentoo-r1; KDE/4.14.8; x86_64; ; ) References: <201510220905.27124.luke@dashjr.org> In-Reply-To: X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F X-PGP-Key-ID: BD02942421F4889F X-PGP-Keyserver: hkp://pgp.mit.edu MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Message-Id: <201511032048.18680.luke@dashjr.org> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Nov 2015 20:49:03 -0000 On Tuesday, November 03, 2015 8:37:44 PM Christian Decker wrote: > I am still very much intrigued by Luke's idea of having empty scriptsigs > and ship the signatures in external scripts, however the proposal uses the > on-the-fly normalization because we have no good way of relaying the > external scripts. Since we are still in the drafting phase I am open to > suggestions and if there is a good/working solution I can amend/withdraw > the proposal. Changing the network protocol is trivial in comparison to making a permanent increase in UTXO set costs. > As for open venues for malleability, I'm not sure we can fix them at all, > after all the ability of a single signer to doublespend by > appending/replacing inputs/outputs in an arbitrary fashion is not fixable > IMHO and will cause any future transaction building on its outputs to be > orphaned. What would the perfect properties for such a fix be? The problem isn't changing inputs/outputs, but that such changes invalidate later spends. In particular, note that wallets *should ideally* be actively trying to make transfers using multiple malleated versions of the same payment. So the way to make an anti-malleable wallet, would be to strictly enforce the no-address-reuse rule on payments received (note this has no effect on other/current wallets) and rely only on the hash of that scriptPubKey+value for the input in subsequent transactions. This way, no matter what inputs or other outputs the transaction paying the address/invoice uses, the subsequent transaction ignores them and remains valid. (I am not suggesting this as a mandatory change that all wallets must adopt to receive the current semi- malleability protection you propose - only that it be *possible* for wallets to upgrade to or offer in the future.) Luke