From: Tier Nolan
Cc: Bitcoin Development
Date: Fri, 15 May 2015 11:45:05 +0100
Subject: Re: [Bitcoin-development] [BIP] Normalized Transaction IDs

On Fri, May 15, 2015 at 10:54 AM, s7r wrote:

> Hello,
>
> How will this exactly be safe against:
> a) the malleability of the parent tx (2nd level malleability)

The signature signs everything except the signature itself. The normalized txid doesn't include that signature, so mutations of the signature don't cause the normalized txid to change.

If the refund transaction refers to the parent using the normalised txid, then it doesn't matter if the parent has a mutated signature. The normalized transaction ignores the mutation.

If the parent is mutated, then the refund doesn't even have to be modified, it still refers to it.

If you want a multi-level refund transaction, then all refund transactions must use the normalized txids to refer to their parents. The "root" transaction is submitted to the blockchain and locked down.

> b) replays

If there are 2 transactions which are mutations of each other, then only one can be added to the block chain, since the other is a double spend.

The normalized txid refers to all of them, rather than a specific transaction.

> If you strip just the scriptSig of the input(s), the txid(s) can still
> be mutated (with higher probability before it gets confirmed).

Mutation is only a problem if it occurs after signing. The signature signs everything except the signature itself.

> If you strip both the scriptSig of the parent and the txid, nothing can
> any longer be mutated but this is not safe against replays.

Correct, but normalized txids are safe against replays, so are better.

I think the new signature opcode fixes things too. The question is hard fork but clean solution vs a soft fork but a little more hassle.


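Added example, not part of the original message or of the BIP: a simplified transaction serialization in which the normalized txid hashes everything except the scriptSigs, applied to a root transaction, a refund and a second-level refund. The field layout, the `mutate` helper and all sample values are constructed assumptions and do not reproduce the BIP's exact definition.

```python
import hashlib, struct
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class TxIn:
    prev_id: bytes          # 32-byte id of the parent transaction
    prev_index: int
    script_sig: bytes       # carries the signature: the malleable part

@dataclass(frozen=True)
class Tx:
    inputs: tuple           # of TxIn
    outputs: tuple          # of (value, script_pubkey) pairs
    version: int = 1
    locktime: int = 0

def _var(data: bytes) -> bytes:
    assert len(data) < 0xFD  # one-byte compact size is enough for this sketch
    return bytes([len(data)]) + data

def serialize(tx: Tx, strip_sigs: bool = False) -> bytes:
    out = struct.pack("<IB", tx.version, len(tx.inputs))
    for i in tx.inputs:
        sig = b"" if strip_sigs else i.script_sig
        out += i.prev_id + struct.pack("<I", i.prev_index) + _var(sig)
        out += struct.pack("<I", 0xFFFFFFFF)  # sequence, fixed in this sketch
    out += bytes([len(tx.outputs)])
    for value, script in tx.outputs:
        out += struct.pack("<q", value) + _var(script)
    return out + struct.pack("<I", tx.locktime)

def txid(tx: Tx, strip_sigs: bool = False) -> bytes:
    raw = serialize(tx, strip_sigs)
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()

def normalized_txid(tx: Tx) -> bytes:
    return txid(tx, strip_sigs=True)  # scriptSigs are left out of the hash

def mutate(tx: Tx) -> Tx:
    # Constructed stand-in for a third party re-encoding the signature.
    first = replace(tx.inputs[0], script_sig=tx.inputs[0].script_sig + b"\x00")
    return replace(tx, inputs=(first,) + tx.inputs[1:])

# Constructed sample chain: root -> refund -> second-level refund.
root = Tx((TxIn(b"\x11" * 32, 0, b"\x30\x06" + b"\xaa" * 6),), ((50_000, b"\x51"),))
refund = Tx((TxIn(normalized_txid(root), 0, b"\x30\x06" + b"\xbb" * 6),),
            ((49_000, b"\x51"),), locktime=500_000)
refund2 = Tx((TxIn(normalized_txid(refund), 0, b""),), ((48_000, b"\x51"),))
```

Because each child stores its parent's normalized id, a mutated `root` or `refund` changes the ordinary txid but leaves every reference in the chain intact.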