0
I understand that after segwit the transaction ID can't be malleated, but can't the witness part be malleated, just like the scriptSig can in a non-segwit transaction?
0
I understand that after segwit the transaction ID can't be malleated, but can't the witness part be malleated, just like the scriptSig can in a non-segwit transaction?
4
but can't the witness part be malleated, just like the scriptSig can in a non-segwit transaction?
Yes, absolutely.
But the witness does not contribute to the transaction id (txid), which is what subsequent transactions refer to. Because of this, malleating a witness in a given transaction does not invalidate follow-up transactions using this transaction as an input. This is important for any application where multiple parties rely on an unconfirmed transaction to keep a stable txid.
1
Yes, the witness can be mutated before it is in a block. Once in a block it’s committed to with a hash. This is not impactful, any modification that doesn’t change the validity doesn’t matter for the creator or receiver of the transaction.
I'm uncomfortable saying it's not impactful. It's like saying malleability doesn't matter. Also before segwit the malleable transaction was committed to with a hash. There could be potential applications depending on non-malleability of the witness. – relG – 2017-12-06T12:32:05.903
What applications? The only application of the scriptSig is to validate a transaction, nothing can ever access it so there’s no possible reason to be using it. – Anonymous – 2017-12-06T13:00:30.063
I confess I don't have a great example, but malleability can have unexpected subtle attacks (otherwise people wouldn't bother to solve it). So, at the very least, I would suggest changing "This is not impactful.." to "This may not be impactful..". – relG – 2017-12-06T14:46:09.193
It is simply not impactful. So long as it doesn’t change the outcome of a transaction, does it matter that it’s not the way the creator of the transaction intended? – Anonymous – 2018-01-09T06:24:22.393