95277e0311
A fix for transaction malleability

This PR fixes transaction malleability by not including the sigscript of transaction inputs and joinsplit sigs when hashing the txid. This PR supersedes PR #1101 which was a minimal solution based on a new serialization flag. This PR introduces GetTxid() to distinguish between getting a transaction id and the double sha256 hash.

The key changes are:

- Adding GetTxid() method to CTransaction which makes a copy of the transaction, clearing out the sigscript and joinsplitsig fields, before hashing.
- Verifying that every call to GetHash() actually wants a txid, and replacing with GetTxid().
- Renaming GetHash() to GetSerializeHash()
  - Rationale: In future, upstream code we want to merge will use GetHash() but we don't know the intent. We should check to see if the intent is to receive a txid (most likely) in which case we replace with GetTxid(), or if upstream actually wants a double hash of the transaction we can use GetSerializeHash().
- Updated genesis data in chainparams.cpp

Note that coinbase transactions are excluded as they need the sigscript hashed to help avoid duplicate txids per BIP34:

- This modification is related to a question from @ebfull on PR #1101 - "Can we think of a way this change allows us to construct two transactions with the same txid which can simultaneously appear in the blockchain? My guess is it would be possible to construct a coinbase transaction of such a form... this surely breaks invariants."

This PR passes all tests in test_bitcoin (test data was updated in bloom_tests, miner_tests and script_tests).
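To make the txid rule in the commit message concrete, here is an added Python sketch (not Zcash's code; the serialization, field layout and sample transactions are assumptions constructed for the example, not the real wire format). It shows that hashing a copy with scriptSig and joinSplitSig cleared gives a txid that does not change when scriptSig bytes change, that GetSerializeHash() does change, and that a coinbase keeps its scriptSig in the txid.

```python
import hashlib
from dataclasses import dataclass, replace

def dsha256(data: bytes) -> bytes:  # double SHA-256, used by both hash functions
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

@dataclass
class TxIn:
    prev_txid: bytes      # 32-byte id of the output being spent
    prev_index: int
    script_sig: bytes     # signature script; its bytes can change without changing what is spent

@dataclass
class Tx:
    version: int
    vin: list
    vout: list            # outputs kept as opaque bytes for this sketch
    joinsplit_sig: bytes = b""

    def is_coinbase(self) -> bool:
        return len(self.vin) == 1 and self.vin[0].prev_txid == b"\x00" * 32

def serialize(tx: Tx) -> bytes:
    """Toy serialization (assumption: NOT the Zcash wire format)."""
    out = tx.version.to_bytes(4, "little") + bytes([len(tx.vin)])
    for i in tx.vin:
        out += i.prev_txid + i.prev_index.to_bytes(4, "little")
        out += bytes([len(i.script_sig)]) + i.script_sig
    out += bytes([len(tx.vout)])
    for o in tx.vout:
        out += bytes([len(o)]) + o
    return out + bytes([len(tx.joinsplit_sig)]) + tx.joinsplit_sig

def get_serialize_hash(tx: Tx) -> bytes:
    """Hash of the full serialization (what the PR renames GetHash() to)."""
    return dsha256(serialize(tx))

def get_txid(tx: Tx) -> bytes:
    """Hash a copy with scriptSig and joinSplitSig cleared; coinbase is exempt (BIP34)."""
    if tx.is_coinbase():
        return get_serialize_hash(tx)
    stripped = replace(tx, vin=[replace(i, script_sig=b"") for i in tx.vin],
                       joinsplit_sig=b"")
    return dsha256(serialize(stripped))

# Constructed sample data: a spend, the same spend with different scriptSig bytes, and a coinbase
SPEND = Tx(1, [TxIn(b"\x11" * 32, 0, b"\x30\x44sigA")], [b"\x76\xa9out"], b"\x99" * 8)
RESIGNED = replace(SPEND, vin=[replace(SPEND.vin[0], script_sig=b"\x30\x45sigB")])
COINBASE = Tx(1, [TxIn(b"\x00" * 32, 0xFFFFFFFF, b"\x03\x01\x00\x00")], [b"\x76\xa9out"])
```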
README.md
Zcash
Where do I begin?
We have a guide for joining the public testnet: https://github.com/zcash/zcash/wiki/Public-Alpha-Guide
What is Zcash?
Zcash is an implementation of the "Zerocash" protocol. Based on Bitcoin's code, it intends to offer a far higher standard of privacy and anonymity through a sophisticated zero-knowledge proving scheme which preserves confidentiality of transaction metadata.
Zcash is unfinished and highly experimental. Use at your own risk.
Participation in the Zcash project is subject to a Code of Conduct.
Security Warnings
See important security warnings in doc/security-warnings.md.
License
Zcash is released under the terms of the MIT license. See COPYING for more information or see http://opensource.org/licenses/MIT.