[Bitcoin-development] malleability work-around vs fix (Re: 0.8.5 with libsecp256k1)

Adam Back adam at cypherspace.org
Thu Oct 10 15:06:03 UTC 2013

btw if I got that right, it means you dont even have to fix the asn.1 level
ambiguity (though its a good idea to remove openSSL asn.1 parsing code) to
have conditional payments using not yet broadcast txid outputs as inputs to
work with high assurance.  (And even in the event that a new crypto level
malleability is discovered in ECDSA it remains secure.)


Adam Back wrote:
>So I was thinking a more generic / robust way to fix this would be to change
>the txid from H(sig,inputs,outputs,script) to H(pubkey,inputs,outputs,script)
>or something like that in effect so that the malleability of the signature
>mechanism doesnt affect the security of conditional payments.


More information about the bitcoin-dev mailing list