Author Topic: What's the latest on transaction mutability?  (Read 725 times)
Qoheleth (OP)
December 06, 2013, 06:29:40 AM
Last edit: December 06, 2013, 07:03:31 AM by Qoheleth
 #1

There are a lot of really interesting protocols being developed with advanced Bitcoin scripting lately. CoinSwap, trust-free guessing games, the list goes on. But in a lot of these cases, the protocols are hampered by the "transaction mutability" issue - essentially, the issue that a signed transaction can have its txid changed by any of the participants by redoing their signature, thereby invalidating any pre-built transactions that were supposed to follow on from it (e.g. time-locked cancellation transactions).

The thing is, I've seen various statements attached to interesting scripting proposals that go something like "care must be taken until mutability is fixed", as though (1) we have a plan to "fix" mutability, and (2) until then there's a way to prevent such attacks against schemes like CoinSwap if one is "careful". Searches reveal only fragmented and piecemeal discussion of the former, and almost nothing on the latter.

So I suppose my questions are, what's the plan to fix mutability, and what can we do in the meantime?

If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
gmaxwell
December 06, 2013, 08:14:25 AM
 #2

If the refund is constructed using P2SH you can get the other side to sign just the hash, and they won't be able to recognize the payment into the escrow—being both unable to see their own pubkey in it (due to p2sh) and having not seen the refund they signed. That's one of the workarounds...

Full mutability fixes are very slow going. MTGOX is still producing transactions with non-canonical R,S. Bitcoin-QT GIT now uses the smaller of the two possible S values in signatures, but I'm not aware of any other signers that do. I think it's not unlikely that we're going to see hardware wallets deploy which fail to do this. I'm now wondering if we shouldn't start 'fixing' these transactions on relay and just letting them cope with their txids changing out from under them rather than failing to forward completely.

As for other fix progress: https://github.com/bitcoin/bitcoin/pull/3025
Mike Hearn
December 06, 2013, 01:03:23 PM
 #3

bitcoinj produces canonical S values.

I think the best approach might be to roll these all into a transaction v2 format, so people have a more exciting feature to announce than a series of small "vegetable eating" pieces of work. Then if you want to use any other features of v2, you have to do all of it at once.