1
Let's say I am a node. A transaction has been relayed to me, and one of the scriptSig fields is:
<sig> <pubKey>
What is the easiest way for me to malleate this transaction?
- For example, could I just add a "dummy" opcode to it, like this:
OP_NOP <sig> <pubKey>?
- For example, could I just add a "dummy" opcode to it, like this:
Also, are certain types of scriptSig easier to malleate than others?
Basically, I'm interested in the most practical way a third party might go about malleating a transaction.
I don't believe adding a dummy opcode would work. You can't change the payload of the transaction at all without invalidating the signature - that's a key property of any usable digital signature algorithm. Instead, you have to keep the payload the same, but modify the format of the signature itself. – Nate Eldredge – 2017-06-13T20:15:22.107
Adding a dummy opcode would actually be valid, however the result would be non-standard at least in Bitcoin Core. – Pieter Wuille – 2017-08-12T21:08:26.637