Bitcoin Forum
December 06, 2016, 09:49:23 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How are tx fees implemented in the byte stream?  (Read 633 times)
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
August 08, 2011, 12:09:24 AM
 #1

So far, I have found no information about how transaction fees are included in a transaction, other than the higher-level description found on the wiki:

https://en.bitcoin.it/wiki/Transaction_fees

All it says is that the outputs add up to less than the inputs, so that the miner can include themself for the "leftover" output.  However, after finally understanding OP_CHECKSIG, I don't see how this possible with SIGHASH_ALL hash code.  SIGHASH_ALL includes all output scripts in the TxCopy that is serialized and signed by the sender, so the miner cannot modify/add any outputs without breaking the signature.  But I also heard that the other hash codes are not used.   Even if they were used, I'm having a tough time figuring out what they do.

Can anyone clarify how this is handled?
 

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
1481060963
Hero Member
*
Offline Offline

Posts: 1481060963

View Profile Personal Message (Offline)

Ignore
1481060963
Reply with quote  #2

1481060963
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481060963
Hero Member
*
Offline Offline

Posts: 1481060963

View Profile Personal Message (Offline)

Ignore
1481060963
Reply with quote  #2

1481060963
Report to moderator
1481060963
Hero Member
*
Offline Offline

Posts: 1481060963

View Profile Personal Message (Offline)

Ignore
1481060963
Reply with quote  #2

1481060963
Report to moderator
1481060963
Hero Member
*
Offline Offline

Posts: 1481060963

View Profile Personal Message (Offline)

Ignore
1481060963
Reply with quote  #2

1481060963
Report to moderator
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
August 08, 2011, 12:20:42 AM
 #2

Third-party transactions are never modified by miners. Miners simply add the leftover BTC to the value of their generation outputs. Other than existing in the same block, the coinbase transaction is not connected to the transactions that provide its fees.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
August 08, 2011, 12:27:01 AM
 #3

So, this is not a modification of the transaction at all... if a sender explicitly puts more total inputs than outputs in his transaction, they miner can simply declare the leftover his by adding it to his coinbase transaction?

Doesn't this complicate things considerably, by creating dependencies between unrelated transactions?  i.e. in order to verify the validity of a coinbase transaction, you need to add up all the other transactions in the same block...?


Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2492


View Profile
August 08, 2011, 01:21:33 AM
 #4

You would need to process all other transactions to verify the coinbase anyway, since the coinbase is invalid if it is within an invalid block.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 08, 2011, 01:37:53 AM
 #5

You would need to process all other transactions to verify the coinbase anyway, since the coinbase is invalid if it is within an invalid block.
Yep. Shortcuts are a bad idea. The security properties of the bitcoin scheme work because every client fully validates every block, using precisely the same tests, before it accepts it. This is part of what is necessary to determine that a block is in fact part of the public hash chain.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
August 08, 2011, 01:49:45 AM
 #6

I'm not saying any of this is a bad idea or we should use shortcuts.  It just surprises me because it seems like a "sloppy" way to do/enforce the calculation.  Almost everything else in the specification is extremely explicit, so it just seems a little out of place that you need to collect the crumbs from a bunch of unrelated transactions to find the answer.

I would expect one of the hashtypes to allow for the last TxOut to be left out of the signature, and then the miner can inject their own script that transfers that last output to themselves, without breaking the signature.  Then a coinbase transaction requires no verification beyond the fact that the block is valid, and then the Tx fee looks any other TxOut.

But it works as is, so I'm not proposing changes.  Thanks for the clarification.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 08, 2011, 02:33:08 AM
 #7

I would expect one of the hashtypes to allow for the last TxOut to be left out of the signature, and then the miner can inject their own script that transfers that last output to themselves, without breaking the signature.  Then a coinbase transaction requires no verification beyond the fact that the block is valid, and then the Tx fee looks any other TxOut.
That would require the miner to later gather all those outputs into one transaction in a separate step to spend them, bloating that transaction. Consider if each of 12 transactions has a .005 fee, do you want to spend them as one 50.06 bitcoin transaction input or as a 50 btc input and 12 .005 btc inputs? It's much more elegant to do it in the mined block already.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
August 08, 2011, 02:35:40 AM
 #8

Quote
That would require the miner to later gather all those outputs into one transaction in a separate step to spend them, bloating that transaction. Consider if each of 12 transactions has a .005 fee, do you want to spend them as one 50.06 bitcoin transaction input or as a 50 btc input and 12 .005 btc inputs? It's much more elegant to do it in the mined block already.

Excellent point.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
vector76
Member
**
Offline Offline

Activity: 70


View Profile
August 08, 2011, 03:25:54 AM
 #9

I think the way it works is good because when the number of variables matches the number of degrees of freedom then the system can't be overdetermined or underdetermined and it can't be inconsistent or ambiguous.  Yes, the code could check for it and prevent inconsistencies it but it seems cleaner to have it inherently consistent.

The same reason inputs do not specify the amount, but rather allow the amount to be specified by the txout that they refer to.

An implementation could decide to cache these values if there is a performance benefit for doing so.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!