Replacement transactions in T1

[andrewkozlik]

I gave some thought to implementing a basic form of replacement transactions in T1 specifically for RBF. Basic means:

• No support for multisig. I would implement a highly simplified form of signature verification, which would only be able to verify our own signatures, since that's all we need. The advantage is we wouldn't have to implement all the scriptSig, scriptPubKey and witness parsing, only a basic form which just looks up the signature in the witness or scriptSig. We would need to implement DER-signature parsing, but that's not too much trouble considering for example that we don't even need to implement the long form of length encoding.
• Obviously no support for PayJoin, because we don't support the EXTERNAL input type in T1.
• No support for multiple original transactions.

What needs to be implemented:

• Computation of BIP-143 hash for the original transaction (segwit P2WPKH).
• Computation of transaction digest for the original transaction (legacy P2PKH)
• Computation of TXID for the original transaction.
• Replicate logic for change-output identification in original transactions. It would be sufficient to only do wallet path checks, since we won't support multisig anyway.
• Signature verification (of our own signatures) and DER-signature parsing.
• Add several substages to the existing flow:
  • Add STAGE_REQUEST_1_ORIG_META. Triggered after STAGE_REQUEST_1_INPUT if orig_hash is set for the first time.
  • Add STAGE_REQUEST_1_ORIG_INPUT. Triggered after STAGE_REQUEST_1_ORIG_META and after STAGE_REQUEST_1_INPUT if orig_hash is set.
  • Add STAGE_REQUEST_2_ORIG_OUTPUT. Triggered after STAGE_REQUEST_2_OUTPUT if orig_hash is set.
• Some additional logic to check outputs and skip their confirmation.
• Some additional logic to check for transaction finalization, locktime etc.

My estimate for the implementation in man-days is 3 (optimistic), 5 (realistic) or 10 (pessimistic).

[tsusanka]

This was done by #1380 correct?