[RFC] [BIP proposal] Dealing with malleability



Summary:

Pieter Wuille proposed a BIP on how to eliminate transaction malleability over time. The proposal can be found at https://gist.github.com/sipa/8907691. He expects most of the rules to be uncontroversial, but rules 1 and 3 may require modifications to wallet software, which may invalidate some script functionality. However, these new rules remain optional and are controlled by an nVersion increase.

In response to Pieter's proposal, someone suggested that CHECKMULTISIG should require the dummy value to be exactly equal to OP_FALSE, as verifying it in the transaction itself is laborious. They also suggested that both CHECKSIG and CHECKMULTISIG fail the transaction if the signature is invalid but not exactly equal to OP_FALSE. However, they were hesitant to bake in assumptions about malleability when there is no solid idea of whether ECC signatures are or are not malleable on a fundamental level. They further suggested adding a new CHECKSIG mode for cases where malleability must be eliminated, such as certain multi-party protocols, and fixing wallet software instead, although they could see this being an impossible goal engineering-wise. The malleability problems people see are closely related to the inability to handle double-spends and reorgs.
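The CHECKMULTISIG dummy check suggested above, as an added Python example that is not code from the proposal or the thread: it decodes a push-only scriptSig and accepts only a dummy that is the single opcode OP_FALSE. The strict opcode-level reading, the placeholder signature bytes and the `stand_in_id` helper (a hash over the scriptSig only, not a real txid) are assumptions made for illustration.

```python
import hashlib

OP_FALSE = 0x00
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 length-field sizes

def parse_pushes(script: bytes):
    """Decode a push-only script into (opcode, pushed_bytes) pairs."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 0x51 <= op <= 0x60:            # OP_1..OP_16 push a small integer
            items.append((op, bytes([op - 0x50])))
            continue
        if op <= 0x4B:                    # OP_FALSE (empty push) or direct push of op bytes
            n = op
        elif op in PUSHDATA_WIDTH:
            w = PUSHDATA_WIDTH[op]
            if i + w > len(script):
                raise ValueError("truncated length field")
            n = int.from_bytes(script[i:i + w], "little")
            i += w
        else:
            raise ValueError(f"non-push opcode 0x{op:02x}")
        if i + n > len(script):
            raise ValueError("truncated push")
        items.append((op, script[i:i + n]))
        i += n
    return items

def dummy_is_op_false(script_sig: bytes) -> bool:
    """Assumed strict reading: the first element must be the single opcode OP_FALSE."""
    items = parse_pushes(script_sig)
    return bool(items) and items[0] == (OP_FALSE, b"")

def stand_in_id(script_sig: bytes) -> str:
    """Double SHA-256 of the scriptSig alone, standing in for a txid over the full transaction."""
    return hashlib.sha256(hashlib.sha256(script_sig).digest()).hexdigest()

# Constructed placeholder "signatures": opaque bytes, not real DER signatures.
SIGS = bytes([8]) + b"SIG-AAAA" + bytes([8]) + b"SIG-BBBB"
CANONICAL = bytes([OP_FALSE]) + SIGS   # dummy is OP_FALSE
VARIANT = bytes([0x51]) + SIGS         # same signatures, dummy is OP_1 instead

if __name__ == "__main__":
    for name, s in (("canonical", CANONICAL), ("variant", VARIANT)):
        print(name, dummy_is_op_false(s), stand_in_id(s)[:16])
```

Both scripts carry identical signature pushes, so the only difference a verifier sees is the dummy element, yet the hashes differ; that is why the rule pins the dummy to one encoding.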


Updated on: 2023-06-08T02:37:45.353990+00:00