From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 2807D155E for ; Wed, 7 Oct 2015 16:38:46 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from azure.erisian.com.au (cerulean.erisian.com.au [106.187.51.212]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2E881225 for ; Wed, 7 Oct 2015 16:38:44 +0000 (UTC) Received: from aj@azure.erisian.com.au (helo=navy.erisian.com.au) by azure.erisian.com.au with esmtpsa (Exim 4.84 #2 (Debian)) id 1Zjrjk-0003fi-UI for ; Thu, 08 Oct 2015 02:38:42 +1000 Received: by navy.erisian.com.au (sSMTP sendmail emulation); Thu, 08 Oct 2015 02:38:37 +1000 Date: Thu, 8 Oct 2015 02:38:37 +1000 From: Anthony Towns To: bitcoin-dev@lists.linuxfoundation.org Message-ID: <20151007163837.GA28855@navy> References: <20150927185031.GA20599@savin.petertodd.org> <20151007150014.GA21849@navy> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Score: -1.9 X-Spam-Score-int: -18 X-Spam-Bar: - X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY! X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2015 16:38:46 -0000 On Wed, Oct 07, 2015 at 08:46:08AM -0700, Jonathan Toomim (Toomim Bros) via bitcoin-dev wrote: > On Oct 7, 2015, at 8:00 AM, Anthony Towns via bitcoin-dev wrote: > > *But* a soft fork that only forbids transactions that would previously > > not have been mined anyway should be the best of both worlds, ... > I agree with pretty much everything you wrote except the above paragraph. > An attacker can create a transaction that [...] A miner on the old version > includes this transaction into a block, [...] The point of that case is that there aren't such miners, so that exploit doesn't apply. In particular, AIUI, you'll have a hard job right now finding someone to mine an OP_NOP2 transaction -- eligius might do it, but I don't think many others will. And you also need your currently OP_NOP2-friendly miner not to upgrade to an OP_CLTV-validating codebase, so I don't think eligius will qualify there. > Those of you who know Script better than me: would this be an example of a transaction that would be spendable with a valid sig XOR with (far future date OR old code)? > > OP_DUP OP_HASH160 OP_EQUALVERIFY OP_CHECKSIGVERIFY OP_PUSHDATA OP_CLTV If you want XOR, you'd need something more like: OP_IF OP_DUP OP_HASH160 OP_EQUALVERIFY OP_CHECKSIGVERIFY OP_ELSE OP_CLTV OP_ENDIF But that' still fail IsStandard and DISCOURAGE_UPGRADABLE_NOPS checks if you tried spending without a valid sig, so wouldn't be mined by current nodes. (Not having a sig would also allow anyone to spend it to themselves, so that might make it hard to use as a basis for double spends anyway...) Cheers, aj