Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 3C85467 for ; Wed, 21 Oct 2015 07:48:40 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f174.google.com (mail-io0-f174.google.com [209.85.223.174]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A49F2E3 for ; Wed, 21 Oct 2015 07:48:39 +0000 (UTC) Received: by iodv82 with SMTP id v82so48681478iod.0 for ; Wed, 21 Oct 2015 00:48:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=pk/55NejMfHLhzAcj20dpS9gDZL4QhOMa+mCx4NsGms=; b=v1zag/Jz6V6+3OdcIHEVDcmtp0fIkHRnWndjfLuyBtlY1Wg8+kJHpGTC9LnQhMK720 +P4zQpfakWAzp1zobRemLkxjue3N2RYKyU/qYLYNLAFcb2000XQPx9KXL5asl3ELRurp P6mGj498WGGSQ8m+Oj4tyeIkJUTCWlhksXTZHfEb/AwzQzQaoBJ1/onGjVawHFvS4bHE /n7bi/X7E6kV1BjhlG3iP+H77iEj4FhjxH63tpuq9QDXmt9nUIrs6kboffcumlnMF4Jk m36SPwVouqYVnLyXOTBuH163IOW28PJ7v3h9TrGpMDMpw8FE8ittEhNCC4nliKTl2Prl SvTQ== MIME-Version: 1.0 X-Received: by 10.107.47.219 with SMTP id v88mr8409281iov.134.1445413719154; Wed, 21 Oct 2015 00:48:39 -0700 (PDT) Received: by 10.107.23.197 with HTTP; Wed, 21 Oct 2015 00:48:39 -0700 (PDT) In-Reply-To: <201510210618.56159.luke@dashjr.org> References: <201510210618.56159.luke@dashjr.org> Date: Wed, 21 Oct 2015 07:48:39 +0000 Message-ID: From: Gregory Maxwell To: Luke Dashjr Content-Type: text/plain; charset=UTF-8 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] [BIP] Normalized transaction IDs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Oct 2015 07:48:40 -0000 On Wed, Oct 21, 2015 at 6:18 AM, Luke Dashjr via bitcoin-dev wrote: > On Monday, October 19, 2015 2:01:04 PM Christian Decker via bitcoin-dev wrote: >> The proposal is implemented (see below), by computing the normalized >> transaction ID when adding them to the UTXO and storing them along with the >> coin state. OP_CHECKSIGEX mostly duplicates OP_CHECKSIG and >> OP_CHECKMULTISIG, but I'm hoping somebody can give me some pointers into >> how to best refactor the common functionality into reusable blocks. And the >> annotating incoming transactions with their normalized inputs is a bit >> cumbersome, maye somebody has some pointers here as well? > > This doesn't completely close malleability (which should be documented in the > BIP), so I'm not sure it's worth the cost, especially if closing malleability > later on would need more. How about specifying flags upfront in the UTXO- > creating transaction specifying which parts the signature will cover? This > would allow implementation of fully malleability-proof wallets. > > Additionally, you have a flag to control whether the opcode behaves as VERIFY > or not. Non-VERIFY is not possible as a softfork (without doing a second/new > P2SH) since it can be negated. Flagability cannot work recursively which is necessary for any improvement to be useful for multi-phase protocols. (which, I think, is the only real application of this class of improvement-- third party mutation can be prevented by enforced canonical encodings;) One still wants sighash flags--, but they're going to inherently result in malleability. I'm still sad that uniform segregated witeness is so hard to deploy, adding another id to every utxo set won't be a nice cost. :( But I have been trying for a long time to come up with anything better and not being successful.