What's the easiest way for a third party to malleate a transaction?

1

Let's say I am a node. A transaction has been relayed to me, and one of the scriptSig fields is:

<sig> <pubKey>

  1. What is the easiest way for me to malleate this transaction?

    • For example, could I just add a "dummy" opcode to it, like this: OP_NOP <sig> <pubKey>?
  2. Also, are certain types of scriptSig easier to malleate than others?

Basically, I'm interested in the most practical way a third party might go about malleating a transaction.

inersha

Posted 2017-05-08T18:05:38.423

Reputation: 2 236

I don't believe adding a dummy opcode would work. You can't change the payload of the transaction at all without invalidating the signature - that's a key property of any usable digital signature algorithm. Instead, you have to keep the payload the same, but modify the format of the signature itself.Nate Eldredge 2017-06-13T20:15:22.107

Adding a dummy opcode would actually be valid, however the result would be non-standard at least in Bitcoin Core.Pieter Wuille 2017-08-12T21:08:26.637

Answers

1

The easiest way to malleate a transaction is to just change the signature from Low-S to High-S and vice versa.

Andrew Chow

Posted 2017-05-08T18:05:38.423

Reputation: 40 910