Why does Bitcoin use UTXO as transaction inputs instead of just public keys?

ArithmomanicVampire

jr. member

Activity: 45

Merit: 1

Quote from: gmaxwell on September 14, 2017, 09:12:01 PM

Alice pays address 1Bob for his monthly paycheck
Bob uses the 1Bob coin to pays address 1Carol for dinner

Alice pays address 1Bob again his next paycheck
Mallory shows up and replays the transaction where 1Bob is paid to 1Carol

Bob is sad.

There are many other cases like this. If you address all of the one by one, you just end up with an inefficient and inflexible version of the UTXO model.

I didn't think of replay attacks. Now this makes much more sense. Thank you very much!

gmaxwell

staff

Activity: 4284

Merit: 8808

Alice pays address 1Bob for his monthly paycheck
Bob uses the 1Bob coin to pays address 1Carol for dinner

Alice pays address 1Bob again his next paycheck
Mallory shows up and replays the transaction where 1Bob is paid to 1Carol

Bob is sad.

There are many other cases like this. If you address all of the one by one, you just end up with an inefficient and inflexible version of the UTXO model.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

What you are proposing is essentially an accounts system which then limits what you can do to just public keys and their addresses. But Bitcoin has a scripting language, and that scripting language is not limited to just public keys, it can do a lot of things. An accounts system would make that scripting language impossible to use because a script is not a public key. Also such a system has less double spend detection and resistance and it has less replay resistance. If a fork were to be made, transactions would be far more replayable without explicit UTXO references.

ArithmomanicVampire

jr. member

Activity: 45

Merit: 1

Quote from: aleksej996 on September 14, 2017, 03:40:41 PM

In the transaction's input a signature is a must. Otherwise, anyone with your public key (everyone, if you used your address before for spending coins) could make a transaction.

Agreed. That's why I wrote that the transaction should be signed with all public keys employed.

Quote from: aleksej996 on September 14, 2017, 03:40:41 PM

Second, UTXO (unspent transaction output) is a second half of the script that is attached to the input of the transaction that is spending those funds and needs to return 0 (maybe 1, I forgot) in order to be valid. So you kinda need it to make sure that you can spend the funds.

Does this mean the need to include UTXO is a concession to the powerful script system Bitcoin has? Put another way: in a hypothetical, very simple altcoin with no scripts and that can do only simple transfers, it would be possible to get rid of the need to include the UTXO in the transaction?

aleksej996

sr. member

Activity: 490

Merit: 389

Do not trust the government

In the transaction's input a signature is a must. Otherwise, anyone with your public key (everyone, if you used your address before for spending coins) could make a transaction.

Second, UTXO (unspent transaction output) is a second half of the script that is attached to the input of the transaction that is spending those funds and needs to return 0 (maybe 1, I forgot) in order to be valid. So you kinda need it to make sure that you can spend the funds.

ArithmomanicVampire

jr. member

Activity: 45

Merit: 1

In Bitcoin, a simple transaction input consists essentially of a TXO, a public key, and a signature. A database is used to check that the TXO is actually an UTXO.

Why not use simply the public key as input and have the transaction signed with each public key employed? In this case, the database maps addresses to the sum of their unspent outputs. Am I missing something?

Topic: Why does Bitcoin use UTXO as transaction inputs instead of just public keys? (Read 658 times)