[bitcoin-dev] Safer sighashes and more granular SIGHASH_NOINPUT

David A. Harding dave at dtrt.org
Sun Dec 9 22:41:57 UTC 2018


On Thu, Dec 06, 2018 at 11:57:09AM -0500, Russell O'Connor via bitcoin-dev wrote:
> One more item to consider is "signature covers witness weight".
> 
> While signing the witness weight doesn't completely eliminate witness
> malleability (of the kind that can cause grief for compact blocks), it does
> eliminate the worst kind of witness malleability from the user's
> perspective, the kind where malicious relay nodes increase the amount of
> witness data and therefore reduce the overall fee-rate of the transaction.

To what degree is this an actual problem?  If the mutated transaction
pays a feerate at least incremental-relay-fee[1] below the original
transaction, then the original transaction can be rebroadcast as an RBF
replacement of the mutated transaction (unless the mutated version has
been pinned[2]).

-Dave

[1] $ bitcoind -help-debug | grep -A2 incremental
  -incrementalrelayfee=<amt>
       Fee rate (in BTC/kB) used to define cost of relay, used for mempool
       limiting and BIP 125 replacement. (default: 0.00001)

[2] https://bitcoin.stackexchange.com/questions/80803/what-is-meant-by-transaction-pinning

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20181209/7ae94da5/attachment.sig>


More information about the bitcoin-dev mailing list