Re: [bitcoin-dev] Why SegWit Anyway?

[Johnson Lau via bitcoin-dev]

Not really. BIP140 might be easier to implement, but in longterm the UTXO 
overhead is significant and unnecessary. There are also other benefits of 
segwit written in BIP141. Some of those are applicable even if you are making a 
new coin.

> On 21 Nov 2017, at 2:07 AM, Praveen Baratam  wrote:
> 
> BIP 140 looks like it solves Tx Malleability with least impact on current 
> practices. It is still a soft fork though.
> 
> Finally, if we were to create an alternative cyptocurrency similar to 
> Bitcoin, a Normalized Tx ID approach would be a better choice if I get it 
> right!
> ᐧ
> 
> On Mon, Nov 20, 2017 at 11:15 PM, Johnson Lau  > wrote:
> We can’t “just compute the Transaction ID the same way the hash for signing 
> the transaction is computed” because with different SIGHASH flags, there are 
> 6 (actually 256) ways to hash a transaction.
> 
> Also, changing the definition of TxID is a hardfork change, i.e. everyone are 
> required to upgrade or a chain split will happen.
> 
> It is possible to use “normalised TxID” (BIP140) to fix malleability issue. 
> As a softfork, BIP140 doesn’t change the definition of TxID. Instead, the 
> normalised txid (i.e. txid with scriptSig removed) is used when making 
> signature. Comparing with segwit (BIP141), BIP140 does not have the 
> side-effect of block size increase, and doesn’t provide any incentive to 
> control the size of UTXO set. Also, BIP140 makes the UTXO set permanently 
> bigger, as the database needs to store both txid and normalised txid
> 
>> On 21 Nov 2017, at 1:24 AM, Praveen Baratam via bitcoin-dev 
>> > > wrote:
>> 
>> Bitcoin Noob here. Please forgive my ignorance.
>> 
>> From what I understand, in SegWit, the transaction needs to be serialized 
>> into a data structure that is different from the current one where 
>> signatures are separated from the rest of the transaction data.
>> 
>> Why change the format at all? Why cant we just compute the Transaction ID 
>> the same way the hash for signing the transaction is computed?
>> 
>> -- 
>> Dr. Praveen Baratam
>> 
>> about.me 
>> ___
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org 
>> 
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev 
>> 
> 
> 
> 
> 
> -- 
> Dr. Praveen Baratam
> 
> about.me 
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why SegWit Anyway?

[Johnson Lau via bitcoin-dev]

We can’t “just compute the Transaction ID the same way the hash for signing the 
transaction is computed” because with different SIGHASH flags, there are 6 
(actually 256) ways to hash a transaction.

Also, changing the definition of TxID is a hardfork change, i.e. everyone are 
required to upgrade or a chain split will happen.

It is possible to use “normalised TxID” (BIP140) to fix malleability issue. As 
a softfork, BIP140 doesn’t change the definition of TxID. Instead, the 
normalised txid (i.e. txid with scriptSig removed) is used when making 
signature. Comparing with segwit (BIP141), BIP140 does not have the side-effect 
of block size increase, and doesn’t provide any incentive to control the size 
of UTXO set. Also, BIP140 makes the UTXO set permanently bigger, as the 
database needs to store both txid and normalised txid

> On 21 Nov 2017, at 1:24 AM, Praveen Baratam via bitcoin-dev 
>  wrote:
> 
> Bitcoin Noob here. Please forgive my ignorance.
> 
> From what I understand, in SegWit, the transaction needs to be serialized 
> into a data structure that is different from the current one where signatures 
> are separated from the rest of the transaction data.
> 
> Why change the format at all? Why cant we just compute the Transaction ID the 
> same way the hash for signing the transaction is computed?
> 
> -- 
> Dr. Praveen Baratam
> 
> about.me 
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why SegWit Anyway?

[Ariel Lorenzo-Luaces via bitcoin-dev]

Hello Praveen

You're absolutely right. We could refer to transactions by the hash that gets 
signed.

However the way that bitcoin transactions reference each other has already been 
established to be hash of transaction+signature. Changing this would require a 
hard fork.

Segwit is the realization that this could be done as a soft fork if we simply 
extract the signature outside of what the old client considers a transaction. 
And into a new transaction format where we do exactly what you're describing.

In my opinion the way it originally worked with the sig inside the transaction 
was simply an oversight by satoshi. No different than a bug.

Cheers
Ariel Lorenzo-Luaces


On Nov 20, 2017, 9:29 AM, at 9:29 AM, Praveen Baratam via bitcoin-dev 
 wrote:
>Bitcoin Noob here. Please forgive my ignorance.
>
>From what I understand, in SegWit, the transaction needs to be
>serialized
>into a data structure that is different from the current one where
>signatures are separated from the rest of the transaction data.
>
>Why change the format at all? Why cant we just compute the Transaction
>ID
>the same way the hash for signing the transaction is computed?
>
>--
>Dr. Praveen Baratam
>
>about.me 
>
>
>
>
>___
>bitcoin-dev mailing list
>bitcoin-dev@lists.linuxfoundation.org
>https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[bitcoin-dev] Why SegWit Anyway?

[Praveen Baratam via bitcoin-dev]

Bitcoin Noob here. Please forgive my ignorance.

>From what I understand, in SegWit, the transaction needs to be serialized
into a data structure that is different from the current one where
signatures are separated from the rest of the transaction data.

Why change the format at all? Why cant we just compute the Transaction ID
the same way the hash for signing the transaction is computed?

-- 
Dr. Praveen Baratam

about.me 
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev