Tuesday, November 5, 2024

transactions – Did Segwit (BIP141) eradicate all txid malleability points listed in BIP62?

Many of the malleability points listed in BIP62 stem from the truth that an enter script (scriptSig) could be modified and nonetheless stay legitimate for the enter, and since the enter script is included when calculating the TXID, this modifies the TXID as nicely.

Instance methods you possibly can flip an enter script into a special however nonetheless legitimate enter script:

  • Any legitimate ECDSA signature could be become a special legitimate signature by inverting the s-value. BIP62 proposed that an s-value within the decrease half of the vary be required.
  • Any push operation could be expressed a number of methods. For instance, pushing the byte 01 could be achieved with the opcode 0x51 (OP_1/OP_TRUE), but additionally much less effectively utilizing the sequence 0101 (OP_PUSHBYTES_1 01). BIP62 proposed that essentially the most environment friendly (“canonical”) method be required.
  • For the reason that enter script is a script, it may be modified any variety of methods, for instance by together with <information> OP_DROP wherever within the script. BIP62 proposed to limit enter scripts to information pushing opcodes.

SegWit cleverly fastened all of those malleability vectors by merely requiring the enter script to be empty (or, within the case of wrapped SegWit, to push a single particular byte vector), and shifting signatures and different script inputs to the witness which is not lined by the TXID. Witness information can nonetheless be malleated by third events, nevertheless it does not have an effect on TXID malleability anymore.

“Nonintentional malleability” simply refers to malleability by a 3rd celebration that the unique creator of the transaction did not intend. It can after all all the time be doable for the creator to deliberately malleate the transaction themselves earlier than it’s included in a block, and even with SegWit you possibly can nonetheless create transactions deliberately malleable by third events by e.g. not requiring any signatures to spend an output.

The pull request you point out modified standardness guidelines, not consensus guidelines, so it is simply bypassed by miners. As a result of SegWit took a special method to fixing malleability, excessive s-value signatures are nonetheless simply non-standard however legitimate by consensus.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles