You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bip-0053.mediawiki
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,11 +38,11 @@ This has been mitigated by Bitcoin Core's relay policy and the RPC interface sin
38
38
64-byte transactions introduce block malleability. Malicious peers can construct consensus valid and invalid 64-byte
39
39
transactions that have the same serialization as the concatenation of 2 hashes in the Merkle tree.
40
40
41
-
Assume we have a valid Bitcoin block with 2 transactions in it that have transaction ids of T<sub>0</sub> and T<sub>1</sub>.
42
-
The Merkle root for this block is H(T<sub>0</sub>||T<sub>1</sub>).
43
-
A malicious user could find a 64-byte transaction T<sub>m</sub> that serializes to T<sub>0</sub>||T<sub>1</sub>.
41
+
Assume we have a valid Bitcoin block with 2 transactions in it with Txid<sub>0</sub> and Txid<sub>1</sub>.
42
+
The Merkle root for this block is H(Txid<sub>0</sub>||Txid<sub>1</sub>).
43
+
A malicious user could find a 64-byte transaction T<sub>m</sub> that serializes to Txid<sub>0</sub>||Txid<sub>1</sub>.
44
44
Next that user relays the block containing the malicious T<sub>m</sub> rather than the
45
-
valid Bitcoin transactions that correspond with T<sub>0</sub> and T<sub>1</sub>.
45
+
valid Bitcoin transactions that correspond to Txid<sub>0</sub> and Txid<sub>1</sub>.
46
46
47
47
==== Block malleability with consensus INVALID transactions ====
48
48
@@ -84,7 +84,7 @@ are less constrained than the first 32 bytes) are constructed so that they colli
84
84
with the hash of some other fake, invalid transaction F. The attacker can fool the SPV client into believing that F
85
85
was included in a Bitcoin block rather than T with 81 bits<ref>[[bip-0053/2-BitcoinMerkle.pdf|An attacker who can do 81 bits of work (followed by another 40 bits of work, to
86
86
construct the funding transaction whose coins will be spent by this one) is able
87
-
to fool an SPV client in this way.]]</ref> of work. This also reduces implementation complexity for SPV wallets<ref>[https://delvingbitcoin.org/t/great-consensus-cleanup-revival/710/43 The steps needed to make sure a Merkle proof for a transaction is secure.]</ref>.
87
+
to fool an SPV client in this way.]]</ref> of work. Disallowing 64-byte transactions reduces implementation complexity for SPV wallets<ref>[https://delvingbitcoin.org/t/great-consensus-cleanup-revival/710/43 The steps needed to make sure a Merkle proof for a 64-byte transaction is secure.]</ref>.
0 commit comments