On Tuesday 06 June 2017 10:39:28 PM Tao Effect via bitcoin-dev wrote:
I believe the severity of replay attacks is going unvoiced and is not
understood within the bitcoin community because of their lack of
experience with them.
Replay is a solved problem. It can be improved on and made simpler, but at
this point, replay only occurs when the sender is either negligent or
intending it.
Both of the coin-splitting techniques given so far by the proponents BIP148
are also untenable:
- Double-spending to self with nLockTime txns is insanely complicated,
risky, not guaranteed to work, extremely time consuming, and would likely
result in a massive increase in backlogged transactions and increased
fees.
This is nothing but unfounded FUD. It is very simple to implement and
guaranteed to work eventually. It may be time consuming, but that is the only
truth here. The only risk is that of a long reorg, the same as double spend
attacks.
- Mixing with 148 coinbase txns destroys fungibility.
What kind of "fungibility" does this FUD claim it destroys? Destroying cross-
chain fungibility is the very *intent* of replay protection. And it does not
destroy same-chain fungibility any more than any other miner spending.
Without a coin, there is no real threat from BIP148.
Lack of replay protection does not mean there is no coin. Replay protection is
equally a concern for the main (BIP148) chain and any legacy chains malicious
miners might choose to split off. And none of this changes the fact that such
miners will be unable to sell their legacycoins at Bitcoin market prices,
because whether other transactions are replayed or not, *their* coins won't be
valid on the main chain.
Luke