[bitcoin-dev] Dealing with OP_IF and OP_NOTIF malleability

jl2012 at xbt.hk jl2012 at xbt.hk
Fri Nov 6 08:13:10 UTC 2015

I have a new BIP draft for fixing OP_IF and OP_NOTIF malleability. 
Please comment: 

Copied below:

BIP: x
   Title: Dealing with OP_IF and OP_NOTIF malleability
   Author: jl2012 <jl2012 at xbt.hk>
   Status: Draft
   Type: Standards Track
   Created: 2015-11-06


As an supplement to BIP62, this document specifies proposed changes to 
the Bitcoin transaction validity rules in order to make malleability of 
transactions with OP_IF and OP_NOTIF impossible.


OP_IF and OP_NOTIF are flow control codes in the Bitcoin script system. 
The programme flow is decided by whether the top stake value is 0 or 
not. However, this behavior opens a source of malleability as a third 
party may alter a non-zero flow control value to any other non-zero 
value without invalidating the transaction.

As of November 2015, OP_IF and OP_NOTIF are not commonly used in the 
blockchain. However, as more sophisticated functions such as 
OP_CHECKLOCKTIMEVERITY are being introduced, OP_IF and OP_NOTIF will 
become more popular and the related malleability should be fixed. This 
proposal serves as a supplement to BIP62 and should be implemented with 
other malleability fixes together.


If the transaction version is 3 or above, the flow control value for 
OP_IF and OP_NOTIF must be either 0 or 1, or the transaction fails.

This is to be implemented with BIP62.


This is a softfork. To ensure OP_IF and OP_NOTIF transactions created 
before the introduction of this BIP will still be accpeted by the 
network, the new rules only apply to transactions of version 3 or above.

For people who want to preserve the original behaviour of OP_IF and 
OP_NOTIF, an OP_0NOTEQUAL could be  used before the flow control code to 
transform any non-zero value to 1.


BIP62: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki

More information about the bitcoin-dev mailing list