Transaction malleability fix?

As a bitcoin fork, Zcash probably suffers from transaction malleability. Are there any plans to integrate SegWit or other malleability fixes?

They would focus on it if it's actually a problem.

Zcash has 2mb blocks, which should take many years to come even close to.

This is irrelevant. SegWit first and foremost enables Layer 2 systems such as Lightning Network.

We definitely plan to integrate a malleability fix. We have been considering both a SegWit-style approach and a FlexTrans-style approach. There are benefits and trade-offs to both approaches:

  • SegWit is implemented and tested, and has significant third-party support, which should in theory make using it easier. In practice, SegWit touches so much of the Bitcoin Core codebase that it will require very careful integration with our changes. Additionally, we cannot merge SegWit as-is from upstream, because the mechanism they have used to identify SegWit transactions (zero inputs, one output) directly conflicts with our shielded transactions (which can have zero inputs), so third-party SegWit code would need to add explicit Zcash-specific workarounds.
  • FlexTrans is significantly simpler both to implement and to reason about when considering our changes to the Bitcoin Core codebase. It does require third-party support for a completely different transaction format, but third parties already need to support a Zcash-specific transaction format if they want to support shielded transactions (which is to be fair only an extension to the Bitcoin format, but it does require Zcash-specific logic).
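The marker conflict described in the post above, as an added example that is not part of the original thread or of Zcash's or Bitcoin Core's code. It assumes the BIP144 serialization (marker `0x00`, flag `0x01` after the version); the helper names and all byte values are constructed, and the shielded portion of the zero-input transaction is omitted.

```python
import struct

def compact_size(n):
    """CompactSize count, single-byte form only (enough for these samples)."""
    assert n < 0xFD
    return bytes([n])

def tx_input(prev_txid, index, script_sig=b"", sequence=0xFFFFFFFF):
    return (prev_txid + struct.pack("<I", index) + compact_size(len(script_sig))
            + script_sig + struct.pack("<I", sequence))

def tx_output(value, script):
    return struct.pack("<q", value) + compact_size(len(script)) + script

def serialize_legacy(version, inputs, outputs, locktime=0):
    """Pre-SegWit layout: version | vin count | vin | vout count | vout | locktime."""
    return (struct.pack("<i", version)
            + compact_size(len(inputs)) + b"".join(inputs)
            + compact_size(len(outputs)) + b"".join(outputs)
            + struct.pack("<I", locktime))

def serialize_bip144(version, inputs, outputs, witnesses, locktime=0):
    """BIP144 layout: marker 0x00 and flag 0x01 sit where vin count used to be."""
    wit = b"".join(
        compact_size(len(stack)) + b"".join(compact_size(len(i)) + i for i in stack)
        for stack in witnesses)
    return (struct.pack("<i", version) + b"\x00\x01"
            + compact_size(len(inputs)) + b"".join(inputs)
            + compact_size(len(outputs)) + b"".join(outputs)
            + wit + struct.pack("<I", locktime))

def has_segwit_marker(raw):
    """The test a BIP144-aware parser applies right after the 4-byte version."""
    return raw[4:6] == b"\x00\x01"

def legacy_counts(raw):
    """What a legacy parser reads from the same two bytes: (vin count, vout count)."""
    return (raw[4], raw[5] if raw[4] == 0 else None)

# Constructed samples; every byte value below is made up for illustration.
OUT = tx_output(50_000, b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac")
SEGWIT_TX = serialize_bip144(2, [tx_input(b"\xaa" * 32, 0)], [OUT],
                             [[b"\x30" * 71, b"\x02" * 33]])
# Transparent part of a zero-input, one-output transaction (shielded data omitted).
ZERO_INPUT_TX = serialize_legacy(2, [], [OUT])

def marker_distinguishes():
    """True only if the marker test tells the two samples apart."""
    return has_segwit_marker(SEGWIT_TX) != has_segwit_marker(ZERO_INPUT_TX)

if __name__ == "__main__":
    print(SEGWIT_TX[:6].hex(), ZERO_INPUT_TX[:6].hex(), marker_distinguishes())
```

Both samples begin with the same six bytes, so a parser that accepts zero-input transactions needs some other signal than the marker to tell the two formats apart.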

If you implement Segwit it would be a huge loss for Zcash long-term (and short-term actually). FlexTrans is the way to go.

I'm pretty sure in this censorship-free environment there are a large number of users here strongly against Segwit. If we could avoid that political lightning rod it would be a smart move.

Leave the ideology aside. I believe a transaction malleability fix, which in turn enables a BOLT implementation for Zcash, is a way to go. Only Lightning will make fast & cheap atomic swaps practical, to become a core use case for Zcash private send tx. I urge the Zcash team to introduce a fix with the Sapling release, while we’re independently building an infrastructure for Zcash.

I think it’s great to bring up this topic again @str4d. Is a Flexible Transactions addition up for discussion, or on the roadmap?

I’m going to jump on it and ask more information about the Bolt implementation.

We never heard anything else from Zcash (aside from the [great] presentation at Zcon) after this blog post: which is 2 years old.

The foundation is funding an implementation of the core crypto protocols. Also, it won’t necessarily require a malleability fix since we need to add an op code to support Bolt.