I understand that after segwit the transaction ID can't be malleated, but can't the witness part be malleated, just like the scriptSig can in a non-segwit transaction?
Asked
Active
Viewed 225 times
2 Answers
4
but can't the witness part be malleated, just like the scriptSig can in a non-segwit transaction?
Yes, absolutely.
But the witness does not contribute to the transaction id (txid), which is what subsequent transactions refer to. Because of this, malleating a witness in a given transaction does not invalidate follow-up transactions using this transaction as an input. This is important for any application where multiple parties rely on an unconfirmed transaction to keep a stable txid.
relG
- 290
- 2
- 11
Pieter Wuille
- 98,249
- 9
- 183
- 287
1
Yes, the witness can be mutated before it is in a block. Once in a block it’s committed to with a hash. This is not impactful, any modification that doesn’t change the validity doesn’t matter for the creator or receiver of the transaction.
Claris
- 15,323
- 2
- 26
- 43
-
I'm uncomfortable saying it's not impactful. It's like saying malleability doesn't matter. Also before segwit the malleable transaction was committed to with a hash. There could be potential applications depending on non-malleability of the witness. – relG Dec 06 '17 at 12:32
-
What applications? The only application of the scriptSig is to validate a transaction, nothing can ever access it so there’s no possible reason to be using it. – Claris Dec 06 '17 at 13:00
-
I confess I don't have a great example, but malleability can have unexpected subtle attacks (otherwise people wouldn't bother to solve it). So, at the very least, I would suggest changing "This is not impactful.." to "This may not be impactful..". – relG Dec 06 '17 at 14:46
-
It is simply not impactful. So long as it doesn’t change the outcome of a transaction, does it matter that it’s not the way the creator of the transaction intended? – Claris Jan 09 '18 at 06:24