[Bitcoin-ml] Flexible Transactions are canonical
tomz at freedommail.ch
Fri Sep 8 08:25:37 UTC 2017
On Thursday, 7 September 2017 15:01:43 CEST Tomas via bitcoin-ml wrote:
> I don't think that is what non-canonical implies. Non-canonical doesn't
> mean malleable.
I think this statement leads directly to the cause of the confusion.
In Bitcoin we can have transactions that are not yet signed, and we have
transactions that are (partially) signed.
Those are two very different usecases.
Your statemet above is true for unsigned transactions. This goes for
FlexTrans as well as current type of transactions.
Current transactions that are unsigned you can swap two outputs without
changing the meaning. There, in other words, is no canonical form of
unsigned transactions. This is true for all transaction types in Bitcoin.
Signed transactions, on the other hand, can not be changed as that would
break the signature.
Exceptions are in the malleability problems which current transactions
suffer from and FlexTrans does not.
As such the action of signing a transaction turns it into a canonical shape.
And that means that for signed transactions non-canonical does indeed mean
I realized the other day that this issue only exists because of the internal
structure that Satoshi designed for a transaction. The CTransaction class.
That class has the problem that some information gets lost if you read a
canonical flexible transaction into it.
This is clearly a problem with the data-structure. (see my example of signed
emails in an earlier email).
In most Bitcoin full node implementations that are not based on Satoshi’s
code you will see that there is no such issue, because most of them have
realized that the canonical version of a transaction is its byte-array. And
as such they use that directly. Which is also very much profitable in terms
of processing cost and memory usage because you can use memory-mapping of
the blocks and zero-copy.
More information about the bitcoin-ml