Does segwit solve malleability of the witness part?

0

I understand that after segwit the transaction ID can't be malleated, but can't the witness part be malleated, just like the scriptSig can in a non-segwit transaction?

relG

Posted 2017-12-06T11:12:50.100

Reputation: 250

Answers

4

but can't the witness part be malleated, just like the scriptSig can in a non-segwit transaction?

Yes, absolutely.

But the witness does not contribute to the transaction id (txid), which is what subsequent transactions refer to. Because of this, malleating a witness in a given transaction does not invalidate follow-up transactions using this transaction as an input. This is important for any application where multiple parties rely on an unconfirmed transaction to keep a stable txid.

Pieter Wuille

Posted 2017-12-06T11:12:50.100

Reputation: 54 032

1

Yes, the witness can be mutated before it is in a block. Once in a block it’s committed to with a hash. This is not impactful, any modification that doesn’t change the validity doesn’t matter for the creator or receiver of the transaction.

Anonymous

Posted 2017-12-06T11:12:50.100

Reputation: 10 054

I'm uncomfortable saying it's not impactful. It's like saying malleability doesn't matter. Also before segwit the malleable transaction was committed to with a hash. There could be potential applications depending on non-malleability of the witness.relG 2017-12-06T12:32:05.903

What applications? The only application of the scriptSig is to validate a transaction, nothing can ever access it so there’s no possible reason to be using it.Anonymous 2017-12-06T13:00:30.063

I confess I don't have a great example, but malleability can have unexpected subtle attacks (otherwise people wouldn't bother to solve it). So, at the very least, I would suggest changing "This is not impactful.." to "This may not be impactful..".relG 2017-12-06T14:46:09.193

It is simply not impactful. So long as it doesn’t change the outcome of a transaction, does it matter that it’s not the way the creator of the transaction intended?Anonymous 2018-01-09T06:24:22.393