To all peercoin team members.
Transaction malleability has been a hot topic on bitcoin.
This design flaw has become common knowledge after the MtGox hack.
I want to use this thread to start an objective evaluation of all options for peercoin to fix transaction malleability.
This thread is not meant to come to consensus about the solution peercoin should adopt, this thread is meant to result in an objective summary of all the options.
Due to all politics bitcoin is involved with, it seems impossible to find an objective summary on the web, so let’s try to compile one ourselves.
Once we are happy with this summary we can publish it in a public RFC for the world to see it and comment on it.
The options
- SegWit
- Simple malleability fix
- Original FlexTrans (with CMF)
- Modified FlexTrans (with different serialization format)
SegWit
Pro
- Block space savings (by moving the witness out, no total transaction size savings)
- Co-exists with old format (which can be soft-forked out later)
- Soft-fork
- Hype
- Code is ready and used in production
Contra
- Complexity (technical debt)
- A range of new transaction scripts (OP_CODES)
- Does not fix malleability for all transactions (only for segwit transactions, so payment processors still need to handle malleable non-segwit transactions correctly)
- Signature validation is optional
- Most design effort went into making it a soft-forkable
Simple malleability fix
Pro
- Simplest solution
- Fixes malleability for all standard transactions
- Does not introduce new transaction scripts
- Code is ready
Contra
- No block space savings
- Cannot co-exist with old format (however, only the txid calculation changed)
- (hard-fork)
- Hard-fork: Missed chance to cleanup the transaction format
- Hard-fork: Missed chance to switch to a more flexible transaction format that allows easier soft-forks in future
Original FlexTrans (with CMF)
Pro
- Block & transaction space savings (skip optional fields, varints, repeated signatures, …)
- Co-exists with old format (which can be soft-forked out later)
- Does not introduce new transaction scripts
- Allows cleaner future soft-forks
- Code is ready (testnet available)
- Does not depend on external libraries (ref. BIP66)
Contra
- CMF is yet another serialization format
- Does not fix malleability for all transactions (only for flextrans transactions, so payment processors still need to handle malleable non-flextranse transactions correctly)
- (hard-fork)
Modified FlexTrans (with different serialization format)
Pro
- Possible block & transaction space savings (depends on chosen format and implementation)
- Co-exists with old format (which can be soft-forked out later)
- Does not introduce new transaction scripts
- Allows cleaner future soft-forks
- Not “yet another serialization format”
Contra
- Code is not ready
- Does not fix malleability for all transactions (only for flextrans transactions, so payment processors still need to handle malleable non-flextranse transactions correctly)
- Protocol dependency on external libraries, maintainability & consensus risk. (ref. BIP66)
- Serialization format needs carefull selection to ensure no consensus rules can possibly get broken, e.g. strict ordering of properties.
- (hard-fork)
Things to consider
- Try to compile a piece of software released 10 years ago, if it has enough dependencies it will be hell to do. Stuff changes all the time. Bitcoin removed all dependencies from libconsensus, because of that.
- ProtocolBuffers: protoc has a huge amount of features that are not needed and misuse of those features would lead to consensus rules being broken. Same problem with bugfixes or other upstream issues.
Debunking the myths
-
“FlexTrans requires a all infrastructure to upgrade”
FlexTrans does not need to influence software connected through RPC.
The RPC interface can still expose transaction data in the old JSON and old raw serialization format.
Only signature and txid generating and validating code should upgrade.
Mining pools can still mine old style coinbase transactions (no upgrade needed, other than their node) -
“FlexTrans does not save much block space as signatures take up largest part of txn”
FlexTrans introduces a “repeat previous signature” flag signing all inputs at once, multiple inputs form same address therefore only require one signature. This considerably reduces most transaction sizes saving over 100 bytes per input and improves validation performance.
Other space savings are documented here: https://steemit.com/bitcoin/@tomz/the-simplicity-of-flexible-transactions.