Re: Post your SegWit questions here - open discussion

Quote from: TransaDox on December 22, 2016, 08:01:17 PM

Quote from: amaclin on December 22, 2016, 01:49:04 PM

Quote

Of course. "Malleability" is an umbrella term

First of all, ecdsa malleablity is the abliity to change the signature itself for the same
data without invalidating it by the person who knows the secret or by the "middle-man"

Sure, because distinguishing between σ = (r,s) and σ'= (r,N − s) is just too hard for bitcoin, eh? Angry

Ripple uses (r,s) < (r,N − s)? (r,s):(r,N − s)

This has been done in Bitcoin, see BIP66: https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki

> LN will be the only side-chain

LN is not a sidechain. The fact that you say this suggests you know very basically exactly zero about LN. You might want to educate yourself before offering an opinion on it.

> The point is that malleability is an edge case symptom that can be solved without adding a lot more complexity

This is wrong on two counts: 1, no it cannot be solved in a different way without adding a lot more complexity, and 2, segwit, at least in general terms, is the architecturally correct and simple solution to the problem. See the bip62 doc that you were already linked to for details on the first point.

Bitcoin's existing design for this is just wrong (or at the very least, not the best one): the signatures authorizing the transaction are included inside the final txid hash, which is being used as a transaction identifier; but it doesn't identify the transaction. The authorising portion (signatures) should be outside the hashed data/transaction as they are not part of the semantic content of the transaction, they are only an authorisation of that semantic content.

There is a huge amount of resources that explain what segwit is, it is nothing to do with the paranoid fantasies being spread about. Do some research.