75%/95% threshold for transaction versions



Summary:

In an email exchange, William Swanson suggested that the BIP 62 approach to malleability is not the only option. Another approach is to sign the transaction in a way that allows input txids to change without invalidating the signatures. However, this approach raises concerns ranging from mild to severe, as it could lead to transaction replay and monetary losses. Byzantine attackers can replay old transactions any time anyone reuses an address, even accidentally. This results in backward computations of signatures that have implications for fungibility. The proposal linked to by Swanson is a game of whack-a-mole with assorted masking flags, many of which may not be useful for any particular application. It doesn't provide tools to address the replay issue, and in order to fix malleability via that mechanism, one must always mask out the inputs completely. This means that users would always be exposed to replay, not just in specialized 'contract' applications where "there won't be address reuse" could be a strong assumption enforced by the application.
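The trade-off described above, as an added example that is not code from the thread or from the linked proposal: a toy signature digest showing that masking input outpoints makes a signature survive a txid change and, for the same reason, carry over to a later coin paid to a reused address. The serialization (JSON plus double SHA-256), the `mask_outpoints` switch, and all names and values are assumptions constructed for illustration.

```python
import hashlib
import json

def sighash(tx, input_index, mask_outpoints):
    """Toy digest that the signature for one input commits to.

    Assumption: JSON + double SHA-256 stands in for Bitcoin's real
    serialization; `mask_outpoints` is a hypothetical masking flag.
    """
    view = {"version": tx["version"], "outputs": tx["outputs"], "inputs": []}
    for i, txin in enumerate(tx["inputs"]):
        # Only the input being signed carries the script it spends.
        entry = {"script": txin["script"] if i == input_index else ""}
        if not mask_outpoints:
            # Committing to the outpoint ties the signature to one coin.
            entry["prev_txid"] = txin["prev_txid"]
            entry["prev_index"] = txin["prev_index"]
        view["inputs"].append(entry)
    blob = json.dumps(view, sort_keys=True).encode()
    return hashlib.sha256(hashlib.sha256(blob).digest()).hexdigest()

def spend(prev_txid, prev_index, script, outputs):
    txin = {"prev_txid": prev_txid, "prev_index": prev_index, "script": script}
    return {"version": 1, "inputs": [txin], "outputs": outputs}

def signature_carries_over(signed_tx, other_tx, mask_outpoints):
    """A signature stays valid on other_tx exactly when the digests match."""
    return sighash(signed_tx, 0, mask_outpoints) == sighash(other_tx, 0, mask_outpoints)

# Constructed sample data (placeholders, not real scripts or txids).
REUSED_SCRIPT = "<constructed script for a reused address>"
OUTPUTS = [{"value": 50000, "script": "<constructed recipient script>"}]
signed = spend("aa" * 32, 0, REUSED_SCRIPT, OUTPUTS)
malleated = spend("cc" * 32, 0, REUSED_SCRIPT, OUTPUTS)    # same coin, txid changed
later_coin = spend("bb" * 32, 1, REUSED_SCRIPT, OUTPUTS)   # new payment, same address

def compare():
    return {
        (name, masked): signature_carries_over(signed, tx, masked)
        for name, tx in (("malleated", malleated), ("later_coin", later_coin))
        for masked in (False, True)
    }

if __name__ == "__main__":
    for key, ok in sorted(compare().items()):
        print(key, "signature still valid:", ok)
```

With masking on, the digest cannot distinguish a malleated txid from a different coin paying the same address, so the malleability benefit and the replay exposure arrive together.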


Updated on: 2023-05-19T20:02:27.863630+00:00