bitcoin-dev
Combined summary - [BIP] Normalized transaction IDs
In an email exchange, Jorge Timón and Christian Decker discuss the issue of malleability in Bitcoin transactions.
They argue that there is confusion between conflicting spends and signature malleability, and Segregated Witnesses could solve the latter. However, they agree that a good migration plan for Bitcoin needs to be found.The discussion highlights that wallets are addressing malleability in acceptable ways but face problems with second and third level malleability. For example, if an unconfirmed transaction's ID changes due to malleability, subsequent transactions become invalid. Additionally, certain types of contracts are not fully safe due to malleability.The authors disagree on the significance of "signature malleability," with one asserting its importance and the other suggesting it is not problematic.A proposed solution involves creating a new public key type, address type, and signature type to prevent double spending via simultaneous equation. However, this solution does not enforce no pubkey reuse and may put pressure on transactional storage.Luke Dashjr and an anonymous speaker discuss the issue of "signature malleability." While one believes it is not a problem, the other argues that segregated witnesses can solve it and be useful in practical cases. They also note the importance of looking at scriptPubKeys instead of transaction IDs.In a Bitcoin-dev mailing list conversation, confusion arises regarding the term "malleability" and its scope. Some argue that it only applies to signature malleability, while others argue that conflicting spends should also be addressed. Ultimately, it is agreed upon that all forms of malleability should be addressed in any practical solution.Luke Dashjr and Christian Decker discuss the issue of malleability in Bitcoin. They discuss the problem of single signers double-spending their outputs and the limitations of segregated witnesses in solving this issue. They also discuss the definition of malleability and its implications for Bitcoin transactions.The conversation discusses a solution for the normalization issue in the Bitcoin network. The proposed solution involves having a connected component of upgraded nodes that relay both the transaction and associated external scripts. Non-upgraded nodes will only parse the classical transaction, dropping the external script. To ensure this solution works, a long rollout phase before activation is suggested.Christian Decker proposes a solution for malleability in Bitcoin transactions, involving piggybacking external scripts onto normal messages. Non-upgraded nodes will ignore the external script. Luke Dashjr suggests enforcing no-address-reuse rule on received payments to make an anti-malleable wallet. However, this does not address the issue of double spending unconfirmed outputs.Luke Dashjr and Christian Decker discuss the idea of having empty scriptsigs and shipping signatures in external scripts. The proposal uses on-the-fly normalization, but a better solution is sought. Luke suggests making wallets add more outputs to unconfirmed transactions instead of spending unconfirmed change.Christian Decker discusses piggybacking external scripts onto normal messages in Bitcoin transactions. Non-upgraded nodes will read the entire message but only parse the classical transaction, ignoring the external script. He is open to suggestions for a better solution. A possible upgrade for wallets is also mentioned.Christian Decker provides an update on the proposed Bitcoin Improvement Proposal (BIP), mentioning changes made to the proposal. He expresses doubt about fixing malleability and asks about the perfect properties for such a fix. Luke Dashjr argues that wallets should add more outputs to unconfirmed transactions. Gregory Maxwell cautions against overselling certain ideas.The discussions on normalized transaction IDs within smart contracts continue. Suggestions are made regarding treating singlesig transactions as 1-of-1 transactions and using Schnorr signatures. The bitmap of flags could be replaced with a simple version number. However, caution is advised in overselling these ideas.In an email thread, Christian Decker comments on the scenario of a single signer re-ordering the outputs and inputs of a transaction. He believes that even with a canonical ordering, this action could still occur. Luke argues that wallets should add more outputs to unconfirmed transactions.In 2015, Christian Decker proposed a new implementation for normalized transaction IDs and storing them with coin state. However, Luke Dashjr expressed concern that this proposal doesn't completely close malleability and suggested specifying flags upfront in the UTXO-creating transaction to allow for fully malleability-proof wallets. He also pointed out that the flag to control whether the opcode behaves as VERIFY or not must be mandatory to guarantee successful evaluation on non-updated clients.The discussion revolves around the issue of malleability in Bitcoin transactions. While some believe that specifying flags upfront in the UTXO-creating transaction could allow for implementation of fully malleability-proof wallets, others argue that the use of non-sighash_all flags still poses a threat to the security of transactions. Signer malleability is also a concern needing consideration, and it is suggested that wallets should actively CoinJoin, bump fees on, etc any pending transactions in the background to prevent these