From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id BC2FCC83 for ; Mon, 9 Sep 2019 04:47:22 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mr85p00im-ztdg06021801.me.com (mr85p00im-ztdg06021801.me.com [17.58.23.195]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 589916D6 for ; Mon, 9 Sep 2019 04:47:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=1a1hai; t=1568004440; bh=RBhxfn6cF48iwlXoSC/sz+ku57ovrZSZl5Lwouu6rCA=; h=From:Content-Type:Date:Subject:Message-Id:To; b=f60b16GBLDhQY5faM63xtKhulHGQUtUNehnCsaQOrqrz0hmVp6bDC6lP4RBL/zyT6 O8IZrLUAd8RVDgv8RiWGQfCFZ2F52abIMFUsk/bSuMB6b87jiUEAsbqB+EZaA3pF/P SEhiLKEbbIAEa9d2zLdwA04vlncBUb30kzfCO7ozGvhWRD5DdizjkI9g4a5JAeKb0A aS3E6obBiGkCxzRDdMFecR9rRxozWd2vH7Fj2jD47Y9zv8WBoRzleDjTwPMvi6OFth UueYOWsLhhZbqO5pc9bMSJGjcSBM9lUzihWI2CrxxZg96vjQAtsy7ooHqH4SIxbNN7 Pvdb2YK7TfVhg== Received: from [100.107.225.45] (unknown [1.144.150.53]) by mr85p00im-ztdg06021801.me.com (Postfix) with ESMTPSA id A5FAA18097A; Mon, 9 Sep 2019 04:47:20 +0000 (UTC) From: Dragi Bucukovski Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Date: Mon, 9 Sep 2019 14:47:17 +1000 Message-Id: <05D1AEA5-5374-4183-AE19-8E071C13AEA8@icloud.com> References: In-Reply-To: To: ZmnSCPxj , Bitcoin Protocol Discussion X-Mailer: iPhone Mail (16F203) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-09_03:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1812120000 definitions=main-1909090051 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, MIME_QP_LONG_LINE, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 09 Sep 2019 06:55:00 +0000 Subject: Re: [bitcoin-dev] PoW fraud proofs without a soft fork X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Sep 2019 04:47:22 -0000 How much do I have in my account can you please tell me=20 Sent from my iPhone > On 9 Sep 2019, at 2:14 pm, ZmnSCPxj via bitcoin-dev wrote: >=20 > Good morning Ruben, >=20 >=20 >> One might intuitively feel that the lack of a commitment is unsafe, >> but there seems to be no impact on security (only bandwidth). The only= >> way you can be fooled is if all peers lie to you (Sybil), causing you >> to follow a malicious minority chain. But even full nodes (or the >> committed version of PoW fraud proofs) can be fooled in this way if >> they are denied access to the valid most PoW chain. If there are >> additional security concerns I overlooked, I=E2=80=99d love to hear th= em. >=20 >=20 > I think it would be better to more precisely say that: >=20 > 1. In event of a sybil attack, a fullnode will stall and think the blockc= hain has no more miners. > 2. In event of a sybil attack, an SPV, even using this style, will follow= the false blockchain. >=20 > This has some differences when considering automated systems. >=20 > Onchain automated payment processing systems, which use a fullnode, will r= efuse to acknowledge any incoming payments. > This will lead to noisy complaints from clients of the automated payment p= rocessor, but this is a good thing since it warns the automated payment proc= essor of the possibility of this attack occurring on them. > The use of a timeout wherein if the fullnode is unable to see a new block f= or, say, 6 hours, could be done, to warn higher-layer management systems to p= ay attention. > While it is sometimes the case that the real network will be unable to fin= d a new block for hours at a time, this warning can be used to confirm if su= ch an event is occurring, rather than a sybil attack targeting that fullnode= . >=20 > On the other hand, such a payment processing system, which uses an SPV wit= h PoW fraud proofs, will be able to at least see incoming payments, and cont= inue to release product in exchange for payment. > Yet this is precisely a point of attack, where the automated payment proce= ssing system is sybilled and then false payments are given to the payment pr= ocessor on the attack chain, which are double-spent on the global consensus c= hain. > And the automated system may very well not be able to notice this. >=20 > Regards, > ZmnSCPxj > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev