Author: Tomas 2017-11-13 09:38:41
Published on: 2017-11-13T09:38:41+00:00
In a discussion between Rusty Russell and Tomas, malleation was identified as a problem for every commitment transaction. HTLC transactions are used to address this issue. SIGHASH_NOINPUT could also be used to work around malleation by allowing updates to dependent transactions, but separate keys on every output are needed to prevent transactions from being connected to the wrong outputs. Rusty Russell mentioned that the current specification already ensures that every key is only used once, cutting the number of updates down by about a factor of 2 under typical use, more under weird conditions. However, SIGHASH_NOINPUT is dangerous if keys are reused at all, so it should not be done. Tomas asked if the prescribed key derivation algorithm ensures uniqueness, and queried under what circumstances the keys could be reused.
Updated on: 2023-05-24T02:49:58.959101+00:00