[Bitcoin-development] 75%/95% threshold for transaction versions
pete at petertodd.org
Mon Apr 27 19:21:12 UTC 2015
On Sat, Apr 25, 2015 at 10:32:36AM -0400, Stephen Morse wrote:
> Hi William,
> I personally prefer this solution, since it nails the problem
> > completely with one simple and obvious change. The BIP 62 approach is
> > more like a game of wac-a-mole.
> The two are complementary, not competing. BIP62 prevents *non-signers* from
> mutating the transactions, which is very important.
I strongly disagree.
There are exactly two cases where mutation matters to normal wallets:
1) Spending unconfirmed change. This can be more efficiently done by
double-spending the first tx with a second that pays both recipients.
2) Large reorganizations. Making mutation impossible makes it more
likely that after a large reorg all previously confirmed transactions
will make it back to the blockchain succesfully.
Meanwhile, the "whack-a-mole" aspect of BIP62 is worrying - it's very
likely we'll miss a case. Even right now there are edge cases without
good solutions, like how in a multisig environment any of the key
holders can mutate transactions. Building wallets that make strong
assumptions about malleability and fail if those assumptions turn out to
be wrong is poor engineering.
> The 'Build your own
> nHashType' proposal enables chained transactions even in the face of
> *signers* mutating the transaction. I believe that integrating both will
> lead to the best defense against transaction malleability, and will enable
> more complicated uses of chained transactions (such as micropayment
While I think there are better ways to do 'Build your own nHashType'
than what was recently proposed, I strongly agree that for protocols
that really, truly, need malleability resistance it's far better to use
a purpose-built signature hashing algorithm.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 650 bytes
Desc: Digital signature
More information about the bitcoin-dev