Published on: 2016-09-17T22:34:43+00:00
Rune K. Svendsen has proposed a solution to address transaction ID malleability in the bitcoin-dev mailing list. The solution involves introducing a new opcode called OP_TXHASHVERIFY. This opcode would only work if added as the very first operation in a scriptSig. If the hash of the transaction with all OP_TXHASHVERIFY operations removed does not match what has been pushed on the stack, the operation will be aborted.To protect against tx ID malleability, one would need to calculate the tx ID of the transaction and add "0x32 $TX_HASH OP_TXHASHVERIFY" to the beginning of the scriptSig for each input they wish to protect. This solution adds 34 bytes per input. However, it is considered a simple and valuable solution until something better becomes available, such as Segwit.Matt Corallo pointed out that the tx hash in the construction is not signed, which means someone could manipulate a transaction by updating the hash in the scriptSig. Another issue raised by Nick is the circular dependency between Hash1 and Hash2. Rune replied that there is a solution, but it complicates the operation.Overall, the proposed solution by Rune K. Svendsen offers a way to create transactions that are immune to transaction ID malleability. It involves adding a new opcode called OP_TXHASHVERIFY to the scriptSig. Although there are some concerns raised, the solution is seen as valuable in addressing tx ID malleability until a better solution, like Segwit, becomes available. Feedback on the proposal is requested.
Updated on: 2023-08-01T19:00:49.596515+00:00