From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <contact@taoeffect.com> Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 7142BB4B for <bitcoin-dev@lists.linuxfoundation.org>; Tue, 6 Jun 2017 23:19:42 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from homiemail-a38.g.dreamhost.com (homie.mail.dreamhost.com [208.97.132.208]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 8505315F for <bitcoin-dev@lists.linuxfoundation.org>; Tue, 6 Jun 2017 23:19:41 +0000 (UTC) Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id 0138010AFB8; Tue, 6 Jun 2017 16:19:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h= content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; s=taoeffect.com; bh=QEkg0vSJ1wCXOB/XN /F6vlju6KI=; b=b7cj0P4jFY3omoNN1QExs+aefjRpOe8J2wWeYGlIKdqJUobSJ OvVjv6pJO6kqovWgBq/XI3o3sxpP8MeIMz7GBtybXs/3uEzDw/djvl6ausPKvKS6 R2+TKfqFRiWEqUO9PaHTIs5stbzSIAXJQrOLuvsxCijb+bVoOkdDz1Jllk= Received: from [192.168.42.64] (184-23-255-227.fiber.dynamic.sonic.net [184.23.255.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: contact@taoeffect.com) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id 8ECAC10AFB5; Tue, 6 Jun 2017 16:19:40 -0700 (PDT) Content-Type: multipart/signed; boundary="Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) From: Tao Effect <contact@taoeffect.com> In-Reply-To: <201706062308.12531.luke@dashjr.org> Date: Tue, 6 Jun 2017 16:19:39 -0700 X-Mao-Original-Outgoing-Id: 518483979.256879-77d63ffa95455ed930001d8844c73281 Message-Id: <3F598630-86AA-4ACC-AD71-BB594767276C@taoeffect.com> References: <31833011-7179-49D1-A07E-8FD9556C4534@taoeffect.com> <201706062308.12531.luke@dashjr.org> To: Luke Dashjr <luke@dashjr.org> X-Mailer: Apple Mail (2.3273) X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 06 Jun 2017 23:27:03 +0000 Cc: bitcoin-dev@lists.linuxfoundation.org Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Tue, 06 Jun 2017 23:19:42 -0000 --Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996 Content-Type: multipart/alternative; boundary="Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63" --Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > Replay is a solved problem. Point to this solved problem? Your "solution" here is not a solution: = https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_time_we_have_= an_educated_discussion/diey21t/?context=3D3 = <https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_time_we_have= _an_educated_discussion/diey21t/?context=3D3> > This is nothing but unfounded FUD. It is very simple to implement and > guaranteed to work eventually. It may be time consuming, but that is = the only > truth here. The only risk is that of a long reorg, the same as double = spend > attacks. Let's assume you invented a simple way to double-spend txns to self = (which you haven't, fyi), then that is an issue in of itself as the = point of bitcoin is to *prevent* double-spending to self. There would need to be much more time for the community to discuss the = implications of wallets have a "double-spend to self" button in them. > What kind of "fungibility" does this FUD claim it destroys? Destroying = cross- > chain fungibility is the very *intent* of replay protection. And it = does not > destroy same-chain fungibility any more than any other miner spending. Yes it does destroy same-chain fungibility, as discussed on twitter [1], = you're making miner coins special on both chains. > Lack of replay protection does not mean there is no coin. It effectively does. If people want to proceed blindly, ignoring replay, = they're welcome to read about the consequences [2]. [1] https://twitter.com/taoeffect/status/872226556571131905 = <https://twitter.com/taoeffect/status/872226556571131905> [2] http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8 = <http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8> -- Please do not email me anything that you are not comfortable also = sharing with the NSA. > On Jun 6, 2017, at 4:08 PM, Luke Dashjr <luke@dashjr.org = <mailto:luke@dashjr.org>> wrote: >=20 > On Tuesday 06 June 2017 10:39:28 PM Tao Effect via bitcoin-dev wrote: >> I believe the severity of replay attacks is going unvoiced and is not >> understood within the bitcoin community because of their lack of >> experience with them. >=20 > Replay is a solved problem. It can be improved on and made simpler, = but at > this point, replay only occurs when the sender is either negligent or > intending it. >=20 >> Both of the coin-splitting techniques given so far by the proponents = BIP148 >> are also untenable: >>=20 >> - Double-spending to self with nLockTime txns is insanely = complicated, >> risky, not guaranteed to work, extremely time consuming, and would = likely >> result in a massive increase in backlogged transactions and increased >> fees. >=20 > This is nothing but unfounded FUD. It is very simple to implement and > guaranteed to work eventually. It may be time consuming, but that is = the only > truth here. The only risk is that of a long reorg, the same as double = spend > attacks. >=20 >> - Mixing with 148 coinbase txns destroys fungibility. >=20 > What kind of "fungibility" does this FUD claim it destroys? Destroying = cross- > chain fungibility is the very *intent* of replay protection. And it = does not > destroy same-chain fungibility any more than any other miner spending. >=20 >> Without a coin, there is no real threat from BIP148. >=20 > Lack of replay protection does not mean there is no coin. Replay = protection is > equally a concern for the main (BIP148) chain and any legacy chains = malicious > miners might choose to split off. And none of this changes the fact = that such > miners will be unable to sell their legacycoins at Bitcoin market = prices, > because whether other transactions are replayed or not, *their* coins = won't be > valid on the main chain. >=20 > Luke --Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" content=3D"text/html= charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><blockquote type=3D"cite" class=3D"">Replay is a solved = problem.</blockquote><div class=3D""><br class=3D""></div>Point to this = solved problem?<div class=3D""><br class=3D""></div><div class=3D"">Your = "solution" here is not a solution:</div><div class=3D""><br = class=3D""></div><div class=3D""><a = href=3D"https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_time_= we_have_an_educated_discussion/diey21t/?context=3D3" = class=3D"">https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_ti= me_we_have_an_educated_discussion/diey21t/?context=3D3</a></div><div = class=3D""><br class=3D""></div><div class=3D""><blockquote type=3D"cite" = class=3D"">This is nothing but unfounded FUD. It is very simple to = implement and <br class=3D"">guaranteed to work eventually. It may = be time consuming, but that is the only <br class=3D"">truth here. = The only risk is that of a long reorg, the same as double spend <br = class=3D"">attacks.</blockquote><br class=3D""></div><div class=3D"">Let's= assume you invented a simple way to double-spend txns to self (which = you haven't, fyi), then that is an issue in of itself as the point of = bitcoin is to *prevent* double-spending to self.</div><div class=3D""><br = class=3D""></div><div class=3D"">There would need to be much more time = for the community to discuss the implications of wallets have a = "double-spend to self" button in them.<br class=3D""><div class=3D""><br = class=3D"webkit-block-placeholder"></div><div class=3D""><blockquote = type=3D"cite" class=3D"">What kind of "fungibility" does this FUD claim = it destroys? Destroying cross-<br class=3D"">chain fungibility is the = very *intent* of replay protection. And it does not <br = class=3D"">destroy same-chain fungibility any more than any other miner = spending.</blockquote><br class=3D""></div><div class=3D"">Yes it does = destroy same-chain fungibility, as discussed on twitter [1], you're = making miner coins special on both chains.</div><div class=3D""><br = class=3D""></div><div class=3D""><blockquote type=3D"cite" class=3D"">Lack= of replay protection does not mean there is no coin.</blockquote><br = class=3D""></div><div class=3D"">It effectively does. If people want to = proceed blindly, ignoring replay, they're welcome to read about the = consequences [2].</div><div class=3D""><br class=3D""></div><div = class=3D"">[1] <a = href=3D"https://twitter.com/taoeffect/status/872226556571131905" = class=3D"">https://twitter.com/taoeffect/status/872226556571131905</a></di= v><div class=3D"">[2] <a = href=3D"http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8"= = class=3D"">http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1= b8</a></div><div class=3D""> <span style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: = 14px; font-style: normal; font-variant-caps: normal; font-weight: = normal; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = -webkit-text-stroke-width: 0px; font-variant-ligatures: normal; = font-variant-position: normal; font-variant-numeric: normal; = font-variant-alternates: normal; font-variant-east-asian: normal; = line-height: normal; orphans: 2; widows: 2;" class=3D""><br = class=3D"Apple-interchange-newline">--</span><br style=3D"color: rgb(0, = 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; = font-variant-caps: normal; font-weight: normal; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = font-variant-ligatures: normal; font-variant-position: normal; = font-variant-numeric: normal; font-variant-alternates: normal; = font-variant-east-asian: normal; line-height: normal; orphans: 2; = widows: 2;" class=3D""><span style=3D"color: rgb(0, 0, 0); font-family: = Helvetica; font-size: 14px; font-style: normal; font-variant-caps: = normal; font-weight: normal; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; -webkit-text-stroke-width: 0px; = font-variant-ligatures: normal; font-variant-position: normal; = font-variant-numeric: normal; font-variant-alternates: normal; = font-variant-east-asian: normal; line-height: normal; orphans: 2; = widows: 2;" class=3D"">Please do not email me anything that you are not = comfortable also sharing</span><span style=3D"color: rgb(0, 0, 0); = font-family: Helvetica; font-size: 14px; font-style: normal; = font-variant-caps: normal; font-weight: normal; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; = font-variant-ligatures: normal; font-variant-position: normal; = font-variant-numeric: normal; font-variant-alternates: normal; = font-variant-east-asian: normal; line-height: normal; orphans: 2; = widows: 2;" class=3D""> with the NSA.</span> </div> <br class=3D""><div><blockquote type=3D"cite" class=3D""><div = class=3D"">On Jun 6, 2017, at 4:08 PM, Luke Dashjr <<a = href=3D"mailto:luke@dashjr.org" class=3D"">luke@dashjr.org</a>> = wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""><div = class=3D"">On Tuesday 06 June 2017 10:39:28 PM Tao Effect via = bitcoin-dev wrote:<br class=3D""><blockquote type=3D"cite" class=3D"">I = believe the severity of replay attacks is going unvoiced and is not<br = class=3D"">understood within the bitcoin community because of their lack = of<br class=3D"">experience with them.<br class=3D""></blockquote><br = class=3D"">Replay is a solved problem. It can be improved on and made = simpler, but at <br class=3D"">this point, replay only occurs when the = sender is either negligent or <br class=3D"">intending it.<br = class=3D""><br class=3D""><blockquote type=3D"cite" class=3D"">Both of = the coin-splitting techniques given so far by the proponents BIP148<br = class=3D"">are also untenable:<br class=3D""><br class=3D"">- = Double-spending to self with nLockTime txns is insanely complicated,<br = class=3D"">risky, not guaranteed to work, extremely time consuming, and = would likely<br class=3D"">result in a massive increase in backlogged = transactions and increased<br class=3D"">fees.<br = class=3D""></blockquote><br class=3D"">This is nothing but unfounded = FUD. It is very simple to implement and <br class=3D"">guaranteed to = work eventually. It may be time consuming, but that is the only <br = class=3D"">truth here. The only risk is that of a long reorg, the same = as double spend <br class=3D"">attacks.<br class=3D""><br = class=3D""><blockquote type=3D"cite" class=3D"">- Mixing with 148 = coinbase txns destroys fungibility.<br class=3D""></blockquote><br = class=3D"">What kind of "fungibility" does this FUD claim it destroys? = Destroying cross-<br class=3D"">chain fungibility is the very *intent* = of replay protection. And it does not <br class=3D"">destroy same-chain = fungibility any more than any other miner spending.<br class=3D""><br = class=3D""><blockquote type=3D"cite" class=3D"">Without a coin, there is = no real threat from BIP148.<br class=3D""></blockquote><br class=3D"">Lack= of replay protection does not mean there is no coin. Replay protection = is <br class=3D"">equally a concern for the main (BIP148) chain and any = legacy chains malicious <br class=3D"">miners might choose to split off. = And none of this changes the fact that such <br class=3D"">miners will = be unable to sell their legacycoins at Bitcoin market prices, <br = class=3D"">because whether other transactions are replayed or not, = *their* coins won't be <br class=3D"">valid on the main chain.<br = class=3D""><br class=3D"">Luke<br = class=3D""></div></div></blockquote></div><br = class=3D""></div></body></html>= --Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63-- --Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZNziLAAoJEOxnICvpCVJHjAcP/igl+MVBQJRU18xQ9kL65ihq thkqYIdRBawx5AAB7GOvArBrLirAp2BtWyrCO4FiICoRHwcxBOb44oVlyJulMnub Llt6k3PPJuqgWopJvm26B/QZyV08ye/AxB3JLMXzA/9hwGHDCCWg83s2cCzsfZpd 0PfKFDgM6XGypoPc//EidhLBScbhZlhbPIJuduiD2LxZo8hbG+PU9PuJIOtigJaF aL2n2xdK76axNwRUo+SqyugbDATLI86JTIZyrfk6P6/zDAUxoMPWTM+16nCaQ9/A 47uaBxistLhbbkREDfX+q9TXtZoWRgO7zb9rhTbG6G6elbv2QAiyv+o1ep0eqb6a aqrzeZKpkXAYXMMpD2GwZnJLVQ7cyB/aJZs4T+IQ8ew6RNGv7yVdM2bT+gTHHuZ1 JpfIbzMcELLKqD6weqH85C1icL+DmYgu7iPqiMIa6lZ+1KqQXVHG3+UDadyqf/0q UBqmBm3Oe6Gz7+HwXa998xdZ7tk5JudisvifUrb1+OPpExdzbXQIV6bxDR1OnVYd j+ZzTiI0saHc5vkP7FXcfNve9/xcDPl5ZRr1CKKsznvT2AwDIiAGLmCOMKOohUl2 jJt7dcPwYDkqF0iEtBuB4lkcf3716kReEFUFWcWj+ITraycZsyzbKM0Xc841Ztnc 3K6BoIvl2hH62RSwPWtd =C1co -----END PGP SIGNATURE----- --Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996--