[Bitcoin-ml] Flexible Transactions are canonical

Tomas tomas at bitcrust.org
Thu Sep 7 13:01:43 UTC 2017

On Wed, Sep 6, 2017, at 20:22, Tom Zander via bitcoin-ml wrote:
> As some people seems to be spreading misunderstanings about Flexible 
> Transactions not being canonical, I thought I’d clear that up as soon as
> I 
> can.
> The accusation goes that since Flexible Transactions is very flexible
> about 
> the ordering of tags, this becomes an issue as software could then
> re-encode 
> the transaction which breaks the transaction-id.
> This accusation shows a misunderstanding of what the malleability attack
> is.
> The malleability attack is to change the transaction ID, *without breaking 
> the signatures*.

I don't think that is what non-canonical implies. Non-canonical doesn't
mean malleable. 

It simply means that there are many ways to construct the same logical
transaction. In the current format, the possible different ways to
construct two functionally identical transactions are limited to messing
with the version or malleating input-script/signatures; every other byte
cannot be represented differently. With FlexTrans the number of ways to
construct a transaction is more extensive.

There are some drawbacks to this flexibility. For instance, if I want to
design and use some custom compressed storage format that stores all
data needed to reconstruct the transactions, with FlexTrans I would have
to somehow include the tag-order. 

Whether this is a problem in practice remains to be seen, but it could
be argued that enforcing a canonical ordering of tags is a slightly
cleaner approach as it removes meaningless information, i.e. the tag

Tomas van der Wansem

More information about the bitcoin-ml mailing list