> On August 16, 2016 at 8:27 PM Russell O'Connor via bitcoin-dev 
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> Okay.
> 
> I'm not really opposed to this BIP, but I am worried that fighting script 
> malleability is a battle that can never be won; even leaving one avenue of 
> malleability open is probably just as bad as having many avenues of 
> malleability, so it just doesn't seem worthwhile to me.

Not really. I think the goal is to protect as many common scripts as possible.

For example:
1) BIP146 (Low S values signatures) will eliminate all malleability for P2WPKH
2) BIP146 + null dummy value for CHECKMULTISIG ("NULLDUMMY") will eliminate all 
malleability for simple multi-sig in P2WSH. This is particularly interesting 
since without NULLDUMMY, attackers are able to replace the dummy value with 
anything.
3) BIP146 + NULLDUMMY + minimal IF argument ("MINIMALIF") will eliminate 
malleability for any Lightening Network scripts that I'm aware of.

With 3), 99.99% of segwit transactions in foreseeable future should be fully 
protected.

The plan is to implement MINIMALIF as a relay policy first, and enforce the 
softfork after further risks assessment. This BIP serves as a warning to users 
for not using incompatible script.

Peter Todd:
> Having said that, a better approach may be a separate CHECKBOOLVERIFY opcode 
> that fails unless the top item on the stack is a minimally encoded true or 
> false value, to allow script writers to opt into this behavior; it's not 
> always ideal.

I believe all Lightening Network scripts (the only real users of IF/NOTIF in 
foreseeable future) are already compatible with MINIMALIF. It may not be a good 
idea for them to spend 1 more byte to get protected.

If people want to have the original OP_IF behaviour, a simple way would be 
using "0NOTEQUAL IF". However, this works only if the argument is a valid 
number (also beware of MINIMALDATA rule in BIP62).

To completely replicate the original behaviour, one may use:
"DEPTH TOALTSTACK IFDUP DEPTH FROMALTSTACK NUMNOTEQUAL IF 2DROP {if script} 
ELSE DROP {else script} ENDIF"

This is because we don't have a simple OP_CASTTOBOOL, and IFDUP is 1 of the 4 
codes that perform CastToBool on top stack item (the others are VERIFY, IF, and 
NOTIF; and VERIFY can't be used here since it terminates the script with a 
False).
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Reply via email to