[Bitcoin-development] [RFC] [BIP proposal] Dealing with malleability

Gregory Maxwell gmaxwell at gmail.com
Thu Feb 13 00:47:05 UTC 2014


On Wed, Feb 12, 2014 at 4:39 PM, Alex Morcos <morcos at gmail.com> wrote:
> I apologize if this has been discussed many times before.

It has been, but there are probably many people like you who have not
bothered researching who may also be curious.

> As a long term solution to malleable transactions, wouldn't it be possible
> to modify the signatures to be of the entire transaction.  Why do you have
> to zero out the inputs?  I can see that this would be a hard fork, and maybe
> it would be somewhat tricky to extract signatures first (since you can sign
> everything except the signatures), but it would seem to me that this is an
> important enough change to consider making.

Because doing so would be both unnecessary and ineffective.

Unnecessary because we can very likely eliminate malleability without
changing what is signed. It will take time, but we have been
incrementally moving towards that, e.g. v0.8 made many kinds of
non-canonical encoding non-standard.

Ineffective— at least as you describe it— because the signatures
_themselves_ are malleable.




More information about the bitcoin-dev mailing list