From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <contact@taoeffect.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 7142BB4B
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  6 Jun 2017 23:19:42 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from homiemail-a38.g.dreamhost.com (homie.mail.dreamhost.com
	[208.97.132.208])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 8505315F
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  6 Jun 2017 23:19:41 +0000 (UTC)
Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id 0138010AFB8;
	Tue,  6 Jun 2017 16:19:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h=
	content-type:mime-version:subject:from:in-reply-to:date:cc
	:message-id:references:to; s=taoeffect.com; bh=QEkg0vSJ1wCXOB/XN
	/F6vlju6KI=; b=b7cj0P4jFY3omoNN1QExs+aefjRpOe8J2wWeYGlIKdqJUobSJ
	OvVjv6pJO6kqovWgBq/XI3o3sxpP8MeIMz7GBtybXs/3uEzDw/djvl6ausPKvKS6
	R2+TKfqFRiWEqUO9PaHTIs5stbzSIAXJQrOLuvsxCijb+bVoOkdDz1Jllk=
Received: from [192.168.42.64] (184-23-255-227.fiber.dynamic.sonic.net
	[184.23.255.227])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: contact@taoeffect.com)
	by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id 8ECAC10AFB5; 
	Tue,  6 Jun 2017 16:19:40 -0700 (PDT)
Content-Type: multipart/signed;
	boundary="Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996";
	protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Tao Effect <contact@taoeffect.com>
In-Reply-To: <201706062308.12531.luke@dashjr.org>
Date: Tue, 6 Jun 2017 16:19:39 -0700
X-Mao-Original-Outgoing-Id: 518483979.256879-77d63ffa95455ed930001d8844c73281
Message-Id: <3F598630-86AA-4ACC-AD71-BB594767276C@taoeffect.com>
References: <31833011-7179-49D1-A07E-8FD9556C4534@taoeffect.com>
	<201706062308.12531.luke@dashjr.org>
To: Luke Dashjr <luke@dashjr.org>
X-Mailer: Apple Mail (2.3273)
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 06 Jun 2017 23:27:03 +0000
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 23:19:42 -0000


--Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63"


--Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

> Replay is a solved problem.

Point to this solved problem?

Your "solution" here is not a solution:

=
https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_time_we_have_=
an_educated_discussion/diey21t/?context=3D3 =
<https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_time_we_have=
_an_educated_discussion/diey21t/?context=3D3>

> This is nothing but unfounded FUD. It is very simple to implement and
> guaranteed to work eventually. It may be time consuming, but that is =
the only
> truth here. The only risk is that of a long reorg, the same as double =
spend
> attacks.

Let's assume you invented a simple way to double-spend txns to self =
(which you haven't, fyi), then that is an issue in of itself as the =
point of bitcoin is to *prevent* double-spending to self.

There would need to be much more time for the community to discuss the =
implications of wallets have a "double-spend to self" button in them.

> What kind of "fungibility" does this FUD claim it destroys? Destroying =
cross-
> chain fungibility is the very *intent* of replay protection. And it =
does not
> destroy same-chain fungibility any more than any other miner spending.

Yes it does destroy same-chain fungibility, as discussed on twitter [1], =
you're making miner coins special on both chains.

> Lack of replay protection does not mean there is no coin.

It effectively does. If people want to proceed blindly, ignoring replay, =
they're welcome to read about the consequences [2].

[1] https://twitter.com/taoeffect/status/872226556571131905 =
<https://twitter.com/taoeffect/status/872226556571131905>
[2] http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8 =
<http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8>

--
Please do not email me anything that you are not comfortable also =
sharing with the NSA.

> On Jun 6, 2017, at 4:08 PM, Luke Dashjr <luke@dashjr.org =
<mailto:luke@dashjr.org>> wrote:
>=20
> On Tuesday 06 June 2017 10:39:28 PM Tao Effect via bitcoin-dev wrote:
>> I believe the severity of replay attacks is going unvoiced and is not
>> understood within the bitcoin community because of their lack of
>> experience with them.
>=20
> Replay is a solved problem. It can be improved on and made simpler, =
but at
> this point, replay only occurs when the sender is either negligent or
> intending it.
>=20
>> Both of the coin-splitting techniques given so far by the proponents =
BIP148
>> are also untenable:
>>=20
>> - Double-spending to self with nLockTime txns is insanely =
complicated,
>> risky, not guaranteed to work, extremely time consuming, and would =
likely
>> result in a massive increase in backlogged transactions and increased
>> fees.
>=20
> This is nothing but unfounded FUD. It is very simple to implement and
> guaranteed to work eventually. It may be time consuming, but that is =
the only
> truth here. The only risk is that of a long reorg, the same as double =
spend
> attacks.
>=20
>> - Mixing with 148 coinbase txns destroys fungibility.
>=20
> What kind of "fungibility" does this FUD claim it destroys? Destroying =
cross-
> chain fungibility is the very *intent* of replay protection. And it =
does not
> destroy same-chain fungibility any more than any other miner spending.
>=20
>> Without a coin, there is no real threat from BIP148.
>=20
> Lack of replay protection does not mean there is no coin. Replay =
protection is
> equally a concern for the main (BIP148) chain and any legacy chains =
malicious
> miners might choose to split off. And none of this changes the fact =
that such
> miners will be unable to sell their legacycoins at Bitcoin market =
prices,
> because whether other transactions are replayed or not, *their* coins =
won't be
> valid on the main chain.
>=20
> Luke


--Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" content=3D"text/html=
 charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><blockquote type=3D"cite" class=3D"">Replay is a solved =
problem.</blockquote><div class=3D""><br class=3D""></div>Point to this =
solved problem?<div class=3D""><br class=3D""></div><div class=3D"">Your =
"solution" here is not a solution:</div><div class=3D""><br =
class=3D""></div><div class=3D""><a =
href=3D"https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_time_=
we_have_an_educated_discussion/diey21t/?context=3D3" =
class=3D"">https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_ti=
me_we_have_an_educated_discussion/diey21t/?context=3D3</a></div><div =
class=3D""><br class=3D""></div><div class=3D""><blockquote type=3D"cite" =
class=3D"">This is nothing but unfounded FUD. It is very simple to =
implement and&nbsp;<br class=3D"">guaranteed to work eventually. It may =
be time consuming, but that is the only&nbsp;<br class=3D"">truth here. =
The only risk is that of a long reorg, the same as double spend&nbsp;<br =
class=3D"">attacks.</blockquote><br class=3D""></div><div class=3D"">Let's=
 assume you invented a simple way to double-spend txns to self (which =
you haven't, fyi), then that is an issue in of itself as the point of =
bitcoin is to *prevent* double-spending to self.</div><div class=3D""><br =
class=3D""></div><div class=3D"">There would need to be much more time =
for the community to discuss the implications of wallets have a =
"double-spend to self" button in them.<br class=3D""><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><div class=3D""><blockquote =
type=3D"cite" class=3D"">What kind of "fungibility" does this FUD claim =
it destroys? Destroying cross-<br class=3D"">chain fungibility is the =
very *intent* of replay protection. And it does not&nbsp;<br =
class=3D"">destroy same-chain fungibility any more than any other miner =
spending.</blockquote><br class=3D""></div><div class=3D"">Yes it does =
destroy same-chain fungibility, as discussed on twitter [1], you're =
making miner coins special on both chains.</div><div class=3D""><br =
class=3D""></div><div class=3D""><blockquote type=3D"cite" class=3D"">Lack=
 of replay protection does not mean there is no coin.</blockquote><br =
class=3D""></div><div class=3D"">It effectively does. If people want to =
proceed blindly, ignoring replay, they're welcome to read about the =
consequences [2].</div><div class=3D""><br class=3D""></div><div =
class=3D"">[1]&nbsp;<a =
href=3D"https://twitter.com/taoeffect/status/872226556571131905" =
class=3D"">https://twitter.com/taoeffect/status/872226556571131905</a></di=
v><div class=3D"">[2]&nbsp;<a =
href=3D"http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8"=
 =
class=3D"">http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1=
b8</a></div><div class=3D"">
<span style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
14px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; font-variant-ligatures: normal; =
font-variant-position: normal; font-variant-numeric: normal; =
font-variant-alternates: normal; font-variant-east-asian: normal; =
line-height: normal; orphans: 2; widows: 2;" class=3D""><br =
class=3D"Apple-interchange-newline">--</span><br style=3D"color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""><span style=3D"color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D"">Please do not email me anything that you are not =
comfortable also sharing</span><span style=3D"color: rgb(0, 0, 0); =
font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D"">&nbsp;with the NSA.</span>
</div>
<br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Jun 6, 2017, at 4:08 PM, Luke Dashjr &lt;<a =
href=3D"mailto:luke@dashjr.org" class=3D"">luke@dashjr.org</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""><div =
class=3D"">On Tuesday 06 June 2017 10:39:28 PM Tao Effect via =
bitcoin-dev wrote:<br class=3D""><blockquote type=3D"cite" class=3D"">I =
believe the severity of replay attacks is going unvoiced and is not<br =
class=3D"">understood within the bitcoin community because of their lack =
of<br class=3D"">experience with them.<br class=3D""></blockquote><br =
class=3D"">Replay is a solved problem. It can be improved on and made =
simpler, but at <br class=3D"">this point, replay only occurs when the =
sender is either negligent or <br class=3D"">intending it.<br =
class=3D""><br class=3D""><blockquote type=3D"cite" class=3D"">Both of =
the coin-splitting techniques given so far by the proponents BIP148<br =
class=3D"">are also untenable:<br class=3D""><br class=3D"">- =
Double-spending to self with nLockTime txns is insanely complicated,<br =
class=3D"">risky, not guaranteed to work, extremely time consuming, and =
would likely<br class=3D"">result in a massive increase in backlogged =
transactions and increased<br class=3D"">fees.<br =
class=3D""></blockquote><br class=3D"">This is nothing but unfounded =
FUD. It is very simple to implement and <br class=3D"">guaranteed to =
work eventually. It may be time consuming, but that is the only <br =
class=3D"">truth here. The only risk is that of a long reorg, the same =
as double spend <br class=3D"">attacks.<br class=3D""><br =
class=3D""><blockquote type=3D"cite" class=3D"">- Mixing with 148 =
coinbase txns destroys fungibility.<br class=3D""></blockquote><br =
class=3D"">What kind of "fungibility" does this FUD claim it destroys? =
Destroying cross-<br class=3D"">chain fungibility is the very *intent* =
of replay protection. And it does not <br class=3D"">destroy same-chain =
fungibility any more than any other miner spending.<br class=3D""><br =
class=3D""><blockquote type=3D"cite" class=3D"">Without a coin, there is =
no real threat from BIP148.<br class=3D""></blockquote><br class=3D"">Lack=
 of replay protection does not mean there is no coin. Replay protection =
is <br class=3D"">equally a concern for the main (BIP148) chain and any =
legacy chains malicious <br class=3D"">miners might choose to split off. =
And none of this changes the fact that such <br class=3D"">miners will =
be unable to sell their legacycoins at Bitcoin market prices, <br =
class=3D"">because whether other transactions are replayed or not, =
*their* coins won't be <br class=3D"">valid on the main chain.<br =
class=3D""><br class=3D"">Luke<br =
class=3D""></div></div></blockquote></div><br =
class=3D""></div></body></html>=

--Apple-Mail=_9F7FD7C8-3EB9-475B-8F88-E8A90F1E2D63--

--Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZNziLAAoJEOxnICvpCVJHjAcP/igl+MVBQJRU18xQ9kL65ihq
thkqYIdRBawx5AAB7GOvArBrLirAp2BtWyrCO4FiICoRHwcxBOb44oVlyJulMnub
Llt6k3PPJuqgWopJvm26B/QZyV08ye/AxB3JLMXzA/9hwGHDCCWg83s2cCzsfZpd
0PfKFDgM6XGypoPc//EidhLBScbhZlhbPIJuduiD2LxZo8hbG+PU9PuJIOtigJaF
aL2n2xdK76axNwRUo+SqyugbDATLI86JTIZyrfk6P6/zDAUxoMPWTM+16nCaQ9/A
47uaBxistLhbbkREDfX+q9TXtZoWRgO7zb9rhTbG6G6elbv2QAiyv+o1ep0eqb6a
aqrzeZKpkXAYXMMpD2GwZnJLVQ7cyB/aJZs4T+IQ8ew6RNGv7yVdM2bT+gTHHuZ1
JpfIbzMcELLKqD6weqH85C1icL+DmYgu7iPqiMIa6lZ+1KqQXVHG3+UDadyqf/0q
UBqmBm3Oe6Gz7+HwXa998xdZ7tk5JudisvifUrb1+OPpExdzbXQIV6bxDR1OnVYd
j+ZzTiI0saHc5vkP7FXcfNve9/xcDPl5ZRr1CKKsznvT2AwDIiAGLmCOMKOohUl2
jJt7dcPwYDkqF0iEtBuB4lkcf3716kReEFUFWcWj+ITraycZsyzbKM0Xc841Ztnc
3K6BoIvl2hH62RSwPWtd
=C1co
-----END PGP SIGNATURE-----

--Apple-Mail=_A0050C50-2F62-4F4F-9D06-517E94EA3996--