From: Luke Dashjr <luke@dashjr.org>
To: bitcoin-dev@lists.linuxfoundation.org,
Cameron Garnham <da2ce7@gmail.com>
Subject: Re: [bitcoin-dev] Strong Anti-Replay via Coinbase Transactions
Date: Wed, 29 Mar 2017 09:15:57 +0000 [thread overview]
Message-ID: <201703290915.58724.luke@dashjr.org> (raw)
In-Reply-To: <07F54C7C-5F26-446D-A479-7F81BD131151@gmail.com>
On Saturday, March 25, 2017 3:30:22 AM Cameron Garnham via bitcoin-dev wrote:
> ==Definitions==
It's blank?
> ==Specification==
>
> Upon activation of the soft-fork (activation methodology undefined in this
> proposal), the following new rules become activated on the Bitcoin
> Network.
The activation methodology should be defined. It can be a TODO for now.
> New ‘anti-replay’ OpCode. Take an unused NoOp and redefine it as
> ‘OP_ANTI_REPLAY’.
Need to be specific about which NOP.
> The script must only have the form:
>
> scriptPubKey: (empty)
> scriptSig: OP_ANTI_REPLAY
>
> OP_ANTI_REPLAY has the following specification:
>
> • OP_ANTI_REPLAY outputs must only be created in a coinbase transaction.
This is contradicting. scriptSig is not part of an output. Did you get the two
scripts inverted?
> • OP_ANTI_REPLAY coinbase outputs must only have the value of 1 Satoshi.
Why burn a satoshi?
> • Transaction must not included more than 1 OP_ANTI_REPLAY input.
include*
> • If a OP_ANTI_REPLAY input is included in a transaction, the transaction
> must also be marked as Opt-In-RBF (BIP 125).
This is a layering violation. BIP 125 does not affect the consensus rules.
> In the case of an chain split after this BIP has activated, miners should
> ‘recycle’ all the OP_ANTI_REPLAY outputs via spending and recreating them
> in new blocks. Renewing the protection to the new chain.
*a* chain split
This recycling is going to be pretty spammy... especially if transactions are
limited to one each.
Chain splits also happen regularly (probably at least once or twice every few
hundred blocks). Since generated UTXOs cannot be spent for 100 blocks, it is
likely anything using this would require constant updating.
It also requires active awareness from the miner that a split is occurring.
Usually, this is not known until the block is solved, and it is too late to
make these recycling transactions.
> === Reference implementation ===
>
> To-Be-Implemented
I don't think it's possible to implement for the reasons mentioned above.
> ==Rationale==
>
> The only know way of guaranteeing that a transaction cannot be replayed is
> to include an input that cannot exist, by-definition, on the alternative
> chain.
known*
Another way is to commit to a specific chain explicitly, as with my proposed
OP_CHECKBLOCKATHEIGHT.
> This BIP makes it convenient for wallets to automate the inclusion of new
> coinbase inputs into transactions that spend potentially repayable
> transactions. Everything in this BIP could be done manually by close
> cooperation between the users and miners, however the author thinks that
> it is preferable to have it well-defined and enforced.
>
> On Opt-In-RBF enforcement: In the case of conflicting spends of
> OP_ANTI_REPLAY outputs, the higher-fee transaction should take priority.
> Wallets may select a random OP_ANTI_REPLAY, then check if the competing
> transaction has a sufficiently low fee to be replaced.
This isn't convenient. Most wallets have no reasonable way to check if there
are any competing transactions, much less what the fee for them is.
Why not just use a single reserved output, and have it recycle as part of the
transactions? This can be done so long as the signature doesn't commit to the
recycle input. So for each transaction, there would be an input with the last-
recycle-txid (tracked by the miner as it builds the block), and an output
generating the next-recycle-txid. Wallets could just indicate this input to be
used by providing a special hash as the input which is not covered under the
signature.
> It is expected that every OP_ANTI_REPLAY output will be in the memory pools
> waiting to be spend; users must compete for this resource.
UTXO set, not memory pool?
Luke
prev parent reply other threads:[~2017-03-29 9:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-25 3:30 [bitcoin-dev] Strong Anti-Replay via Coinbase Transactions Cameron Garnham
2017-03-29 9:15 ` Luke Dashjr [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201703290915.58724.luke@dashjr.org \
--to=luke@dashjr.org \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=da2ce7@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox