How are mutated transactions prevented from getting relayed?

3

Quoth Bitcoin release-notes-0.9.0.md:

This release contains a few fixes for transaction ID (TXID) malleability issues:

  • -nospendzeroconfchange command-line option, to avoid spending zero-confirmation change

  • IsStandard() transaction rules tightened to prevent relaying and mining of mutated transactions

  • Additional information in listtransactions/gettransaction output to report wallet transactions that conflict with each other because they spend the same outputs.

  • Bug fixes to the getbalance/listaccounts RPC commands, which would report incorrect balances for double-spent (or mutated) transactions.

  • New option: -zapwallettxes to rebuild the wallet's transaction information

What does "transaction rules tightened" mean and how does it prevent relaying and mining of mutated transactions? Since mutated transactions are also valid transactions, how can the client tell original transactions apart from mutated ones?

Are powerful adversaries still able to abuse this feature after the update?

Pacerier

Posted 2014-05-22T18:40:08.590

Reputation: 2 055

Answers

3

Transaction malleability is prevented by selecting one canonical representation of every transaction and making every other representation nonstandard. That is, of all possible transactions one transaction can be mutated into, exactly one is considered "original", and other representations are not relayed.

Originally, Bitcoin could accept different representations of the same data. For example, it were possible to represent the same number both with and without leading zeros, producing equivalent transactions with different binary representations. Now, a transaction would only be considered standard if those numbers are represented using a specific number of digits, so it is now impossible to write the same number in different ways.

However, this rule is not enforced on transactions that are already in a block (since otherwise it would be a fork), so a powerful adversary can still push a mutated transaction into the network by mining it himself.

abacabadabacaba

Posted 2014-05-22T18:40:08.590

Reputation: 918

How can all the clients agree on which transaction to be considered original?Pacerier 2014-09-27T10:04:47.033

1@Pacerier Originally, the rules for representation of signatures were pretty lax. For example, it were possible to represent numbers both with and without leading zeros. This means that the same number could be represented in several different ways. New rules require all those numbers to be represented using a specific number of digits, so now there is no leeway. Other rules are similarly tightened.abacabadabacaba 2014-09-27T10:14:59.650

Is it merely a reduction in the probability of possible representations, or does the update ensure that only one representation is possible?Pacerier 2014-09-27T13:38:13.460

1There is only one "canonical" representation for "standard" transactions. Unfortunately, not all current clients create canonical transactions. So, it is not possible to check for some transactions are they malled from canonical representation or created by old clients.amaclin 2014-09-27T15:33:11.507

Asked: 2014-05-22T18:40:08.590

Viewed: 83 times

Active: 2014-09-27T10:29:28.240