From: Pieter Wuille <pieter.wuille@gmail.com>
To: Ben Reeves <support@pi.uk.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Duplicate transactions vulnerability
Date: Thu, 1 Mar 2012 15:30:30 +0100 [thread overview]
Message-ID: <20120301143029.GA18168@vps7135.xlshosting.net> (raw)
In-Reply-To: <CAPBPUnpj=u53Nvvvu54e2X462gPshLQ5rUcPosxvoNAXp6uN8w@mail.gmail.com>
On Thu, Mar 01, 2012 at 01:09:02PM +0000, Ben Reeves wrote:
> One more thing to add. The implementation in the reference patch fixes
> the blockchain forking issue however by still allowing spent coinbases
> to be disconnected patched clients are still vulnerable to blockchain
> corruption. While not an immediate issue it would mean
> LoadBlockIndex() would error on restart and could cause problems for
> new clients during the initial blockchain download.
I don't understand this.
> Is there a reason not to disallow duplicate coinbases entirely?
Just disallowing duplicate coinbases is possible, but it requires keeping a
set of all coinbases transaction around until infinity. That's not really a problem,
but it can be avoided. One very reasonable proposed solution is adding the block
height to the coinbase. However, as coinbases are used for all kinds of things
already, this is harder to roll out network-wide. Hence, first this "emergency"
solution that already prevents (afaik) all practical attacks, and in a later step
forcing unique coinbases, so that transactions can be assumed to be unique
identifiable by their hash again.
--
Pieter
next prev parent reply other threads:[~2012-03-01 14:30 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-28 16:48 [Bitcoin-development] Duplicate transactions vulnerability Pieter Wuille
2012-02-28 17:12 ` Brautigam Róbert
2012-02-28 17:18 ` Pieter Wuille
2012-02-28 18:10 ` Gavin Andresen
2012-02-28 18:23 ` Luke-Jr
2012-02-28 20:24 ` Pieter Wuille
2012-02-28 20:35 ` Ben Reeves
2012-02-29 1:41 ` Zooko Wilcox-O'Hearn
2012-02-29 16:47 ` Pieter Wuille
2012-02-29 17:02 ` Amir Taaki
2012-02-29 21:00 ` Stefan Thomas
2012-02-29 22:05 ` Ben Reeves
2012-02-29 22:38 ` Matt Corallo
2012-02-29 22:46 ` Gavin Andresen
2012-02-29 23:00 ` Ben Reeves
[not found] ` <20120229232029.GA6073@vps7135.xlshosting.net>
2012-02-29 23:45 ` Pieter Wuille
2012-03-01 10:15 ` Ben Reeves
2012-03-01 13:09 ` Ben Reeves
2012-03-01 14:27 ` Gregory Maxwell
2012-03-01 17:20 ` Ben Reeves
2012-03-01 14:30 ` Pieter Wuille [this message]
2012-03-02 1:56 ` Pieter Wuille
2012-03-03 16:41 ` Pieter Wuille
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120301143029.GA18168@vps7135.xlshosting.net \
--to=pieter.wuille@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=support@pi.uk.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox