MIME-Version: 1.0
In-Reply-To: <6741032F-757F-4D9E-A722-3A62271B6BFD@petertodd.org>
References: <CAPkFh0tj4cXYuk8=8QJOP5z4qea6bv_sELhkfHO6nU16mMnnZA@mail.gmail.com>
	<6741032F-757F-4D9E-A722-3A62271B6BFD@petertodd.org>
From: =?UTF-8?Q?Emin_G=C3=BCn_Sirer?= <el33th4x0r@gmail.com>
Date: Wed, 30 Dec 2015 15:22:43 -0500
Message-ID: <CAPkFh0usGPFQ4Tpn4v9FNmAL=Z8vZYm-VU50aFDnTEWMrAr5eA@mail.gmail.com>
To: Peter Todd <pete@petertodd.org>
Content-Type: multipart/alternative; boundary=001a113a4f80202a530528234e60
Cc: =?UTF-8?Q?Emin_G=C3=BCn_Sirer_via_bitcoin=2Ddev?=
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] How to preserve the value of coins after a fork.
Precedence: list

--001a113a4f80202a530528234e60
Content-Type: text/plain; charset=UTF-8

On Wed, Dec 30, 2015 at 3:16 PM, Peter Todd <pete@petertodd.org> wrote:

> Note how transaction malleability can quickly sabotage naive notions of
> this idea.
>

Bitcoin-United relies on a notion of transaction equivalence that doesn't
involve the transaction hash at all, so it should be immune to malleability
issues and compatible with segwit.

From the post, two transactions are equal if they "consume the same inputs
and result in the same outputs, not counting the miner fee. Simple
pay-to-pubkey-hash and pay-to-script-hash transactions are straightforward.
Multikey transactions are evaluated for equivalency by their inputs and
outputs, so it is allowable for a 2-out-of-3 payment to be signed by one
set of two keys on Dum and another set of two keys on Dee, as long as the
transaction consumes the same coins and produces the same outputs. Not that
we'll ever encounter such a case, but making this point helps pedagogically
with getting across the notion of transaction equivalence. What counts are
the consumed inputs and the destination and amounts of the outputs."

But you're right, if a naive implementation were to just use the
transaction hash, the result would be a mess.

- egs

--001a113a4f80202a530528234e60
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><br>=
</div><div class=3D"gmail_quote">On Wed, Dec 30, 2015 at 3:16 PM, Peter Tod=
d <span dir=3D"ltr">&lt;<a href=3D"mailto:pete@petertodd.org" target=3D"_bl=
ank">pete@petertodd.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail=
_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left=
-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Note how =
transaction malleability can quickly sabotage naive notions of this idea.<b=
r></blockquote><div><br></div><div>Bitcoin-United relies on a notion of tra=
nsaction equivalence that doesn&#39;t involve the transaction hash at all, =
so it should be immune to malleability issues and compatible with segwit.=
=C2=A0</div><div><br></div><div>From the post, two transactions are equal i=
f they &quot;consume the same inputs and result in the same outputs, not co=
unting the miner fee. Simple pay-to-pubkey-hash and pay-to-script-hash tran=
sactions are straightforward. Multikey transactions are evaluated for equiv=
alency by their inputs and outputs, so it is allowable for a 2-out-of-3 pay=
ment to be signed by one set of two keys on Dum and another set of two keys=
 on Dee, as long as the transaction consumes the same coins and produces th=
e same outputs. Not that we&#39;ll ever encounter such a case, but making t=
his point helps pedagogically with getting across the notion of transaction=
 equivalence. What counts are the consumed inputs and the destination and a=
mounts of the outputs.&quot;</div><div><br></div><div>But you&#39;re right,=
 if a naive implementation were to just use the transaction hash, the resul=
t would be a mess.</div><div><br></div><div>- egs</div><div><br></div><div>=
<br></div></div></div></div>

--001a113a4f80202a530528234e60--