Why Not Just Use X? An Instructive Example from Bitcoin


Bitcoin developer Gregory Maxwell writes the following on Reddit:

There is a design flaw in the Bitcoin protocol where it's possible for a third party to take a valid transaction of yours and mutate it in a way which leaves it valid and functionally identical but with a different transaction ID. This greatly complicates writing correct wallet software, and it can be used abusively to invalidate long chains of unconfirmed transactions that depend on the non-mutant transaction (since transactions refer to each other by txid).

This issue arises from several sources, one of them being OpenSSL’s willingness to accept and make sense of signatures with invalid encodings. A normal ECDSA signature encodes two large integers, the encoding isn’t constant length— if there are leading zeros you are supposed to drop them.

It’s easy to write software that assumes the signature will be a constant length and then leave extra leading zeros in them.
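The encoding problem Maxwell describes can be shown with a short Python sketch; this is an added example, not code from the original post, from Bitcoin or from OpenSSL. The values of `R` and `S`, the `txid` stand-in (double SHA-256 over a constructed byte string) and all function names are assumptions made for illustration.

```python
import hashlib

def der_int(n: int, pad: int = 0) -> bytes:
    """DER INTEGER for n >= 0; pad > 0 prepends superfluous zero bytes (invalid DER)."""
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body          # the one zero DER requires, to keep the sign positive
    body = b"\x00" * pad + body
    return b"\x02" + bytes([len(body)]) + body

def encode_sig(r: int, s: int, pad_r: int = 0) -> bytes:
    body = der_int(r, pad_r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

def parse_sig(sig: bytes, strict: bool):
    """Return (r, s). strict=False models a lenient decoder; strict=True demands minimal integers."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad SEQUENCE header")
    pos, out = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("bad INTEGER length")
        if strict and body[0] & 0x80:
            raise ValueError("negative INTEGER")
        if strict and n > 1 and body[0] == 0 and not body[1] & 0x80:
            raise ValueError("non-minimal INTEGER (extra leading zero)")
        out.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return tuple(out)

def txid(sig: bytes) -> str:
    """Simplified stand-in for a transaction ID: the hash covers the signature bytes."""
    tx = b"constructed-tx-prefix" + bytes([len(sig)]) + sig + b"constructed-tx-suffix"
    return hashlib.sha256(hashlib.sha256(tx).digest()).hexdigest()

# Constructed sample values, not a real signature.
R, S = int("11" * 32, 16), int("22" * 32, 16)
canonical = encode_sig(R, S)
mutated = encode_sig(R, S, pad_r=1)    # same (r, s), one extra leading zero on r
print(parse_sig(mutated, strict=False) == parse_sig(canonical, strict=True))
print(txid(canonical) != txid(mutated))
```

A verifier that decodes leniently sees the same `(r, s)` in both encodings and accepts both, while the hash over the serialized bytes differs; the strict parser rejects the padded form, so only one encoding of a given signature can be valid.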

This is a very interesting cautionary tale, and is particularly important because situations like these are part of the reason why we have made certain design decisions in our development philosophy. Specifically, the issue is this: many people continue to bring up the point that we are in many places unnecessarily reinventing the wheel, creating our own serialization format, RLP, instead of using the existing protobuf, and that we’re building an application-specific scripting language instead of “just using Lua”. This is a very valid concern; not-invented-here syndrome is a commonly-used pejorative, so doing such in-house development does require justification.

And the cautionary tale I quoted above provides precisely the perfect example of the justification that I will provide. External technologies, whether protobuf, Lua or OpenSSL, are very good, and have years of development behind them, but in many cases they were never designed with the perfect consensus, determinism and cryptographic integrity in mind that cryptocurrencies require. The OpenSSL situation above is the perfect example; aside from cryptocurrencies, there really are no other situations where the fact that you can take a valid signature and turn it into another valid signature with a different hash is a significant problem, and yet here it’s fatal. One of our core principles in Ethereum is simplicity; the protocol should be as simple as possible, and the protocol should not contain any black boxes. Every single feature of every single sub-protocol should be precisely 100% documented on the whitepaper or wiki, and implemented using that as a specification (i.e. test-driven development). Doing this for an existing software package is arguably almost as hard as building an entirely new package from scratch; in fact, it may even be harder, since existing software packages often have more complexity than they need to in order to be feature-complete, whereas our alternatives do not – read the protobuf spec and compare it to the RLP spec to understand what I mean.

Note that the above principle has its limits. For example, we are certainly not foolish enough to start inventing our own hash algorithms, instead using the universally acclaimed and well-vetted SHA3, and for signatures we’re using the same old secp256k1 as Bitcoin, although we’re using RLP to store the v,r,s triple (the v is an extra two bits for public key recovery purposes) instead of the OpenSSL buffer protocol. These kinds of situations are the ones where “just using X” is precisely the right thing to do, because X has a clean and well-understood interface and there are no subtle differences between different implementations. The SHA3 of the empty string is c5d2460186...a470 in C++, in Python, and in JavaScript; there’s no debate about it. In between these two extremes, it’s basically a matter of finding the right balance.
