Author: Nick ODell 2016-09-17 22:34:43
Published on: 2016-09-17T22:34:43+00:00
The discussion thread on the bitcoin-dev mailing list revolves around creating transactions that are immune to transaction ID malleability. Rune K. Svendsen proposed a solution called OP_TXHASHVERIFY, which could be added to a scriptSig as the very first operation and would abort if the hash of the transaction with all OP_TXHASHVERIFY operations (including stack push) removed does not match what has been pushed on the stack. This would add 34 bytes per input for each input you wish to protect against tx ID malleability. However, Matt Corallo pointed out that the tx hash in the construction is not signed, which means someone wishing to manipulate a transaction may do so by also updating the hash in the scriptSig. Nick raised another issue that Hash1 must contain Hash2 and the transaction, but Hash2 must contain Hash1 and the transaction - a circular dependency. Rune replied that there is a solution, but it makes the operation less simple. If a transaction contains at least two OP_TXHASHVERIFY-protected inputs, signed without ANYONECANPAY, their signatures would cover the other input's OP_TXHASHVERIFY hash. The proposed solution is simple and valuable to not worry about tx ID malleability until something better becomes available, such as Segwit.
Updated on: 2023-06-11T20:00:06.723750+00:00