diff --git a/zip-0239.html b/zip-0239.html index c0d7f1ab..455fda9d 100644 --- a/zip-0239.html +++ b/zip-0239.html @@ -28,16 +28,16 @@ Pull-Request: <https://githu

Motivation

Historically, as in Bitcoin, the inv and getdata messages sent on the Zcash peer-to-peer network to announce or request transactions have referred to those transactions by txid.

Prior to the introduction of v5 transactions 3 in the NU5 network upgrade 5, a txid was always defined as the SHA-256d hash of the transaction data, the encoding of which is the same in block data and in the peer-to-peer protocol.

-

For v5 transactions, a new transaction digest algorithm is defined that constructs the txid from a tree of hashes, which include only effecting data 4. Witness data is committed to by a separate "authorizing digest".

+

For v5 transactions, a new transaction digest algorithm is defined that constructs the txid from a tree of hashes, which include only effecting data 4. Witness data is committed to by a separate "authorizing digest". Unlike previous transaction versions, the format of serialized v5 transaction data is not consensus-critical.

Not committing to the witness data in v5 transaction announcements would create inefficiencies: because a v5 transaction's witness can be malleated without altering the txid, a node in receipt of a v5 transaction that the node does not accept would generally still have to download that same transaction when announced by other peers. This is because the alternative — of not downloading a v5 transaction with a given txid after rejecting a previous transaction with that txid — would allow a third party to interfere with transaction relay by malleating a transaction's witness and announcing the resulting invalid transaction to nodes, preventing relay of the valid version of the transaction as well.

This inefficiency was present in Bitcoin for almost 3 years after activation of its Segwit upgrade 8, until the adoption of BIP 339 9. The latter BIP specifies a way to use the Segwit "wtxid" (which commits to both effecting and witness data) in place of the txid when announcing and fetching transactions. In Zcash, the analogous identifier is the pair (txid, auth_digest).

This ZIP is modelled after BIP 339: it adds a MSG_TXV5 inv type to the peer-to-peer protocol, analogous to BIP 339's MSG_WTX inv type, that announces transactions by their (txid, auth_digest) pair. It does not introduce any equivalent of BIP 339's wtxidrelay message, since that is not needed for compatibility given that Zcash full nodes are required to support MSG_TXV5 based on the negotiated peer protocol version (see Deployment).

Specification

-

A new inv type MSG_TXV5 (0x00000005) is added, for use in both inv messages and getdata requests, indicating that the hash being referenced is the 64-byte value txid || auth_digest. This inv type MUST be used when announcing v5 transactions, and only for such transactions. The txid and auth_digest are as defined in 4.

+

A new inv type MSG_TXV5 (0x00000005) is added, for use in both inv messages and getdata requests, indicating that the hash being referenced is the 64-byte value txid || auth_digest. This inv type MUST be used when announcing v5 transactions. The txid and auth_digest are as defined in 4.

In the case of getdata requests, the format of a v5 transaction obtained by a MSG_TXV5 inv type is as given in the Zcash protocol specification. 7

-

An inv or getdata message MUST NOT use the MSG_TXV5 inv type for v4 transactions, or on peer connections that have not negotiated at least the peer protocol version specified in Deployment.

-

Note that the name MSG_TXV5 does not imply that this inv type cannot be used for future transaction versions after v5. New inv types might be added for future transaction versions, but only as needed.

+

An inv or getdata message MUST NOT use the MSG_TXV5 inv type for v4 or earlier transactions, or on peer connections that have not negotiated at least the peer protocol version specified in Deployment.

+

Note that the name MSG_TXV5 does not imply that this inv type will not be used for future transaction versions after v5. Since such versions are not currently consensus-valid, this is left unspecified. New inv types might be added for future transaction versions, but only as needed.

MSG_TX and MSG_TXV5 entries may be mixed in arbitrary order in an inv message or a getdata message. Since these entry types are of different lengths (36 bytes or 68 bytes respectively including the 4-byte type field), this implies that the size of the message is not determined by its initial count field, and has to be determined by parsing the whole message.

Open issue: