[Bitcoin-development] [RFC] [BIP proposal] Dealing with malleability

Jeremy Spilman jeremy at taplink.co
Wed Feb 19 19:15:39 UTC 2014


> Longer term it would be more ideal have a canonical identifier for the  
> transaction before it even gets to the chain to support these use cases,  
> even if >wallets are able to properly identify the status of it's  
> transactions.  
> -Allen
>
>

One possible work-around to get back trusted transaction chaining for  
payment channels and locked refunds from multi-sig would be to make the  
initial transaction include zero fee, and depend on child-pays-for-parent  
in order to get the first and follow-on transactions into a block. This of  
course only works for protocols where the parties don't need the initial  
funding transaction to actually hit the blockchain right away.

But this relies on two assumptions; 1) that miners won't include a  
zero-fee transaction in the blockchain, and 2) that miners actually  
implement child-pays-for-parent. It's definitely not the same security  
as-if you had immutable txid, but it's something to consider.

1) Mutants may cause wallet spam and difficulty calculating balance (and  
wallets will evolve to deal with it)
2) Mutants cause DoS because they can interfere with your own transaction  
chains, which for example makes batch off-line processing much more  
difficult
3) Mutants introduce a 3rd party attacker into any two-party protocol that  
relies on chains

There's a lot to digest in the 'v3' transaction/block proposal. It sounds  
like there may be some uncertainty over whether we can *prove* that v3  
transactions in v3 blocks would actually be guaranteed immutable with  
these changes?

If we cannot fully prove a Tx is immutable, then is it actually worth  
taking steps to make it seem immutable, or is that just a false sense of  
security in the cases where chained transactions were actually expected to  
be reliable? Under that thinking, maybe it's best to accept mutants as a  
fact of life, and only consider protocols and techniques that cannot be  
broken by mutants.

In what cases does reducing the sources of malleability, but not  
necessarily eliminating from a security proof perspective, actually help?  
Basically, if we don't know that we will succeed, isn't there really no  
point in trying?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140219/d695d83f/attachment.html>


More information about the bitcoin-dev mailing list