Bitcoin Forum
November 19, 2024, 02:31:20 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Why does Bitcoin use UTXO as transaction inputs instead of just public keys?  (Read 658 times)
ArithmomanicVampire (OP)
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
September 14, 2017, 07:49:48 PM
Merited by ABCbits (1)
 #1

In Bitcoin, a simple transaction input consists essentially of a TXO, a public key, and a signature. A database is used to check that the TXO is actually an UTXO.

Why not use simply the public key as input and have the transaction signed with each public key employed? In this case, the database maps addresses to the sum of their unspent outputs. Am I missing something?
aleksej996
Sr. Member
****
Offline Offline

Activity: 490
Merit: 389


Do not trust the government


View Profile
September 14, 2017, 08:40:41 PM
 #2

In the transaction's input a signature is a must. Otherwise, anyone with your public key (everyone, if you used your address before for spending coins) could make a transaction.

Second, UTXO (unspent transaction output) is a second half of the script that is attached to the input of the transaction that is spending those funds and needs to return 0 (maybe 1, I forgot) in order to be valid. So you kinda need it to make sure that you can spend the funds.
ArithmomanicVampire (OP)
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
September 14, 2017, 08:53:24 PM
 #3

In the transaction's input a signature is a must. Otherwise, anyone with your public key (everyone, if you used your address before for spending coins) could make a transaction.
Agreed. That's why I wrote that the transaction should be signed with all public keys employed.

Second, UTXO (unspent transaction output) is a second half of the script that is attached to the input of the transaction that is spending those funds and needs to return 0 (maybe 1, I forgot) in order to be valid. So you kinda need it to make sure that you can spend the funds.
Does this mean the need to include UTXO is a concession to the powerful script system Bitcoin has? Put another way: in a hypothetical, very simple altcoin with no scripts and that can do only simple transfers, it would be possible to get rid of the need to include the UTXO in the transaction?
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 3556
Merit: 6891


Just writing some code


View Profile WWW
September 15, 2017, 01:29:36 AM
Merited by ABCbits (2)
 #4

What you are proposing is essentially an accounts system which then limits what you can do to just public keys and their addresses. But Bitcoin has a scripting language, and that scripting language is not limited to just public keys, it can do a lot of things. An accounts system would make that scripting language impossible to use because a script is not a public key. Also such a system has less double spend detection and resistance and it has less replay resistance. If a fork were to be made, transactions would be far more replayable without explicit UTXO references.

gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4284
Merit: 8808



View Profile WWW
September 15, 2017, 02:12:01 AM
Merited by ABCbits (2)
 #5

Alice pays address 1Bob for his monthly paycheck
Bob uses the 1Bob coin to pays address 1Carol for dinner

Alice pays address 1Bob again his next paycheck
Mallory shows up and replays the transaction where 1Bob is paid to 1Carol

Bob is sad.

There are many other cases like this. If you address all of the one by one, you just end up with an inefficient and inflexible version of the UTXO model.
ArithmomanicVampire (OP)
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
September 15, 2017, 10:15:27 PM
 #6

Alice pays address 1Bob for his monthly paycheck
Bob uses the 1Bob coin to pays address 1Carol for dinner

Alice pays address 1Bob again his next paycheck
Mallory shows up and replays the transaction where 1Bob is paid to 1Carol

Bob is sad.

There are many other cases like this. If you address all of the one by one, you just end up with an inefficient and inflexible version of the UTXO model.
I didn't think of replay attacks. Now this makes much more sense. Thank you very much!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!