[Bitcoin-development] Signature with negative integer?

Gregory Maxwell gmaxwell at gmail.com
Sat Jul 19 07:03:35 UTC 2014


On Fri, Jul 18, 2014 at 9:33 PM, Richard Moore <me at ricmoo.com> wrote:
> Hey all,
> I'm wondering if anyone can help explain to me tx 70f7c15c6f62139cc41afa858894650344eda9975b46656d893ee59df8914a3d...

A rather timely post.  See the other thread on BIP0062. What you're
looking at is an example of a well-known-to-implementers-here where
invisible and undocumented "over permissiveness" in interpreting
invalid encoding in a cryptographic library (OpenSSL in our case)
which would have been probably-not-unwelcome in many other protocol
uses results in an unexpected consensus critical normative rule in
Bitcoin.

Modern releases of Bitcoin core will no longer relay or mine them but
they're still valid in blocks should they show up.

BIP62 proposes, among other things, soft-forking (backwards
compatible) changes that will strictly limit the DER encoding to avoid
ambiguity. If adopted by the network implementations would still need
to grandfather in existing weird transactions but could do so on a
txid by txid basis since there would be no more broken encoding
permitted in blocks, and use different DER decoding code without risk
of consensus inconsistency (so long as it uses der decoding which is
functionally identical to what BIP62 requires— of course).




More information about the bitcoin-dev mailing list