Rusty Russell [ARCHIVE] on Nostr
📅 Original date posted:2015-11-19
📝 Original message:
Tadge Dryja <tadge at lightning.network> writes:
> I've joked that BIP62 is the "whack-a-mole" BIP in that it addresses many
> vectors for txid malleability, but maybe there are more. And more
> importantly, it addresses 3rd party malleability. It's not helpful in the
> context of lightning channel creation because ECDSA sigs are inherently
> malleable. You can always re-sign the same message with a different
> k-value and get a different signature.

Yeah, that's why the deployable lightning model used single-sided
funding (the escape tx model also works).

> The functionality that's needed is to be able to reliably spend from
> unconfirmed transactions. Segregated witness can accomplish that, but it's
> quite a large hard-fork change.

The excitement is because the proposal is to soft-fork it in. Seems
like it might work, but I'll have to see how ugly it is.

> sighash_noinput can also accomplish that:
> as input txids are not signed, if they change, the spending transaction can
> be modified while leaving counterparty signatures intact.

I was trying to do a new OP_CHECKSIG2, because I'm fairly sure we're going
to take years to winnow down the set of features. I expect it will
logjam on "new sig flags" "schnorr!" "scriptable signature parts" etc...

> I'm hoping to start a new "testnet-L" similar to testnet3, with this
> sighash type so that we can test malleability mitigation out.
>
> (Oh also, hi mailing list, sorry I have not posted till now! But I will
> start posting!)

Welcome :)

Cheers,
Rusty.
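As an added illustration (not code from the thread, nor from the Lightning project): a toy in pure Python that makes Tadge's two points concrete. It assumes a simplified pre-segwit style transaction whose txid hashes the whole transaction including its signature, and a made-up two-mode sighash in which the SIGHASH_ALL-like digest commits to the parent txid and the NOINPUT-like digest omits it; the private key, nonces and transaction bytes are all constructed. It shows that re-signing the same digest with the same key but a different k yields a second valid signature and therefore a second funding txid, that a child signature made under the ALL-like digest against the first txid fails against the second, and that the NOINPUT-like child signature verifies against both.

```python
"""Toy: first-party ECDSA malleability and a NOINPUT-style sighash.

Constructed example: minimal secp256k1 ECDSA, a toy pre-segwit transaction
whose txid commits to its own signature, and two sighash modes (one commits
to the parent txid, one omits it). Not code from the mailing-list thread."""
import hashlib

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def ecdsa_sign(priv, z, k):
    """Sign digest z with nonce k. BIP62's low-s rule is applied: it removes the
    (r, n-s) twin but cannot stop the signer from simply picking another k."""
    r = point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if s > N // 2:
        s = N - s
    return (r, s)


def ecdsa_verify(pub, z, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def txid(prevout, sig, outputs):
    """Pre-segwit style: the txid hashes the whole tx, signature included."""
    r, s = sig
    return sha256d(prevout + r.to_bytes(32, "big") + s.to_bytes(32, "big") + outputs)


def sighash(prevout, outputs, noinput):
    """ALL-like digest commits to the prevout; the NOINPUT-like digest omits it."""
    return int.from_bytes(sha256d(outputs if noinput else prevout + outputs), "big")


def demo():
    priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed
    pub = point_mul(priv, G)
    parent_prevout, fund_outs, spend_outs = b"\x00" * 36, b"2-of-2 funding", b"commitment"
    z_fund = sighash(parent_prevout, fund_outs, False)
    # Same key, same digest, two nonces: two valid signatures, hence two txids.
    sig_a, sig_b = ecdsa_sign(priv, z_fund, 0x1111), ecdsa_sign(priv, z_fund, 0x2222)
    prevout_a = txid(parent_prevout, sig_a, fund_outs) + bytes(4)  # txid || vout 0
    prevout_b = txid(parent_prevout, sig_b, fund_outs) + bytes(4)
    # The child (spending) tx is signed against prevout_a before the funding confirms.
    sig_all = ecdsa_sign(priv, sighash(prevout_a, spend_outs, False), 0x3333)
    sig_noin = ecdsa_sign(priv, sighash(prevout_a, spend_outs, True), 0x4444)
    return {
        "both_funding_sigs_valid": ecdsa_verify(pub, z_fund, sig_a) and ecdsa_verify(pub, z_fund, sig_b),
        "funding_txids_differ": prevout_a != prevout_b,
        "all_valid_vs_a": ecdsa_verify(pub, sighash(prevout_a, spend_outs, False), sig_all),
        "all_valid_vs_b": ecdsa_verify(pub, sighash(prevout_b, spend_outs, False), sig_all),
        "noinput_valid_vs_a": ecdsa_verify(pub, sighash(prevout_a, spend_outs, True), sig_noin),
        "noinput_valid_vs_b": ecdsa_verify(pub, sighash(prevout_b, spend_outs, True), sig_noin),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

The funding signer here is honest in the sense that both signatures are over the identical digest with the identical key; nothing a third-party rule like low-s can see distinguishes the second broadcast from the first. The only thing that rescues the pre-signed child is that its digest never committed to the parent's txid in the first place.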
Published at 2023-06-09 12:45:11