Public key and signature malleability [combined summary]

• Public key and signature malleability Stefan Thomas 2012-10-21 18:48:15+00:00
• Public key and signature malleability Mike Hearn 2012-10-21 18:47:19+00:00
• Public key and signature malleability Gavin Andresen 2012-10-21 17:05:11+00:00
• Public key and signature malleability Wladimir 2012-10-21 06:47:24+00:00
• Public key and signature malleability Gregory Maxwell 2012-10-20 18:34:11+00:00
• Public key and signature malleability Pieter Wuille 2012-10-20 17:55:43+00:00

Published on: 2012-10-21T18:48:15+00:00

Summary:

In the context provided, Gavin Andresen expresses his support for redefining the transaction validity rules in the Bitcoin reference implementation. He believes that it is important to allow people the opportunity to fix their software and asks if there are any objections from other transaction-validating implementations. This suggests that there may be some issues with the current transaction validation process that need to be addressed.Pieter Wuille proposed implementing strict rules to define the Bitcoin network and eliminate dependency on OpenSSL's implementation. This proposal was supported by Wladimir, who expressed concerns about changes in OpenSSL API leading to unexpected behavior and forks. The goal is to make the protocol as well-defined as possible and prevent unexpected outcomes and potential security or denial-of-service problems.Pieter Wuille also suggested implementing rules to prevent malleability in Bitcoin transactions. The idea was strongly supported because malleability has caused unexpected outcomes, and there may be additional security or denial-of-service problems associated with allowing it. The proposal suggests enabling the rules as a check similar to IsStandard(), making it difficult for non-complying transactions to get into blocks but still allowing them to be accepted when they aren't standard. Once no significant amount of non-standard transactions are seen, a BIP can be written, and enforcement of the rules can begin as a network rule.To further address the issue of malleability, Pieter proposed specific rules for public keys and signatures. Sergio Lerner discovered that taking the secp256k1-field-size complement of the S value in the signature does not invalidate it. To prevent this, requiring the lowest bit of the S value to always be even is suggested. While no client currently enforces this, it is considered easy to implement and would make the Bitcoin network rules more well-defined and prevent malleability attacks.Overall, the context indicates a need for more precise transaction validity rules in the Bitcoin system. Gavin Andresen supports changing the reference implementation to achieve this. Pieter Wuille's proposals aim to make the Bitcoin network rules more well-defined, eliminate dependencies on OpenSSL, and prevent malleability attacks.

Updated on: 2023-08-01T04:00:58.714182+00:00