Author: Peter Todd 2014-11-06 23:12:25
Published on: 2014-11-06T23:12:25+00:00
In a discussion on Bitcoin development, Matt Corallo explained that without BIP62, even basic contracts that people want to use would be unusable and atomic swaps suggested for sidechains would not be secure. However, BIP62 is an insecure way of making contracts secure against malleability as it relies on a "whack-a-mole" approach to security that is insecure if any flaw is missed. If you only wanted to make contracts secure, you'd either implement a new SignatureHash() or the significantly more limited CHECKLOCKTIMEVERIFY. BIP62 also fails at making more complex types of contracts secure. A new form of signature hash that was a signature on tx2.vout structure rather than its txid would be secure instead. Wallet authors find life easier with BIP62 as they don't have to deal with malleability. Peter Todd, a Bitcoin developer, advises anyone with money behind an implementation that is doing script verification in code that isn’t Bitcoin Core to rethink that decision.
Updated on: 2023-06-09T03:52:19.598492+00:00