Bitcoin Forum
November 19, 2018, 02:57:32 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Why does Bitcoin use UTXO as transaction inputs instead of just public keys?  (Read 551 times)
ArithmomanicVampire
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
September 14, 2017, 07:49:48 PM
 #1

In Bitcoin, a simple transaction input consists essentially of a TXO, a public key, and a signature. A database is used to check that the TXO is actually an UTXO.

Why not use simply the public key as input and have the transaction signed with each public key employed? In this case, the database maps addresses to the sum of their unspent outputs. Am I missing something?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542639452
Hero Member
*
Offline Offline

Posts: 1542639452

View Profile Personal Message (Offline)

Ignore
1542639452
Reply with quote  #2

1542639452
Report to moderator
aleksej996
Sr. Member
****
Offline Offline

Activity: 462
Merit: 314


Do not trust the government


View Profile WWW
September 14, 2017, 08:40:41 PM
 #2

In the transaction's input a signature is a must. Otherwise, anyone with your public key (everyone, if you used your address before for spending coins) could make a transaction.

Second, UTXO (unspent transaction output) is a second half of the script that is attached to the input of the transaction that is spending those funds and needs to return 0 (maybe 1, I forgot) in order to be valid. So you kinda need it to make sure that you can spend the funds.
ArithmomanicVampire
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
September 14, 2017, 08:53:24 PM
 #3

In the transaction's input a signature is a must. Otherwise, anyone with your public key (everyone, if you used your address before for spending coins) could make a transaction.
Agreed. That's why I wrote that the transaction should be signed with all public keys employed.

Second, UTXO (unspent transaction output) is a second half of the script that is attached to the input of the transaction that is spending those funds and needs to return 0 (maybe 1, I forgot) in order to be valid. So you kinda need it to make sure that you can spend the funds.
Does this mean the need to include UTXO is a concession to the powerful script system Bitcoin has? Put another way: in a hypothetical, very simple altcoin with no scripts and that can do only simple transfers, it would be possible to get rid of the need to include the UTXO in the transaction?
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 1582
Merit: 1751


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
September 15, 2017, 01:29:36 AM
 #4

What you are proposing is essentially an accounts system which then limits what you can do to just public keys and their addresses. But Bitcoin has a scripting language, and that scripting language is not limited to just public keys, it can do a lot of things. An accounts system would make that scripting language impossible to use because a script is not a public key. Also such a system has less double spend detection and resistance and it has less replay resistance. If a fork were to be made, transactions would be far more replayable without explicit UTXO references.

gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2562
Merit: 1671



View Profile
September 15, 2017, 02:12:01 AM
 #5

Alice pays address 1Bob for his monthly paycheck
Bob uses the 1Bob coin to pays address 1Carol for dinner

Alice pays address 1Bob again his next paycheck
Mallory shows up and replays the transaction where 1Bob is paid to 1Carol

Bob is sad.

There are many other cases like this. If you address all of the one by one, you just end up with an inefficient and inflexible version of the UTXO model.

Bitcoin will not be compromised
ArithmomanicVampire
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
September 15, 2017, 10:15:27 PM
 #6

Alice pays address 1Bob for his monthly paycheck
Bob uses the 1Bob coin to pays address 1Carol for dinner

Alice pays address 1Bob again his next paycheck
Mallory shows up and replays the transaction where 1Bob is paid to 1Carol

Bob is sad.

There are many other cases like this. If you address all of the one by one, you just end up with an inefficient and inflexible version of the UTXO model.
I didn't think of replay attacks. Now this makes much more sense. Thank you very much!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!