From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1QoUfN-0007Pd-Iy for bitcoin-development@lists.sourceforge.net; Wed, 03 Aug 2011 06:10:53 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of lavabit.com designates 72.249.41.33 as permitted sender) client-ip=72.249.41.33; envelope-from=bgroff@lavabit.com; helo=karen.lavabit.com; Received: from karen.lavabit.com ([72.249.41.33]) by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1QoUfM-0002vW-Q7 for bitcoin-development@lists.sourceforge.net; Wed, 03 Aug 2011 06:10:53 +0000 Received: from a.earth.lavabit.com (a.earth.lavabit.com [192.168.111.10]) by karen.lavabit.com (Postfix) with ESMTP id 271D111BCA9; Wed, 3 Aug 2011 01:10:47 -0500 (CDT) Received: from lavabit.com (torserver.uvt.nl [137.56.163.46]) by lavabit.com with ESMTP id ZWUMKCAVGBMD; Wed, 03 Aug 2011 01:10:47 -0500 Received: from 137.56.163.46 (SquirrelMail authenticated user bgroff) by lavabit.com with HTTP; Wed, 3 Aug 2011 02:10:47 -0400 (EDT) Message-ID: <43351.137.56.163.46.1312351847.squirrel@lavabit.com> In-Reply-To: References: Date: Wed, 3 Aug 2011 02:10:47 -0400 (EDT) From: bgroff@lavabit.com To: "Gregory Maxwell" User-Agent: SquirrelMail/1.4.13 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.1 (--) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record -0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1QoUfM-0002vW-Q7 Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Discussion related to pull 349 and pull 319 (escrow transactions) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Aug 2011 06:10:53 -0000 Gregory Maxwell wrote: > Pull 349 (https://github.com/bitcoin/bitcoin/pull/349) > implements a pretty nice implementation of multiple signature escrowed > transactions. Especially with clearcoin gone I think that this is > something we ought to have sooner rather than later. > > I've tested it on a private network and it appears to work pretty well. Thank you! (I think you mean 319 here) > It probably needs more testing and discussion before it is actually > added to the client, but one challenge is that because it requires a > new transaction type it won't be deployable until _after_ an updated > isStandard is widely used in the network. With Eligius mining !IsStandard transactions and probably other pools ope= n to the idea, I am hopeful that we can quickly get 30%+ of mining power to upgrade, which means that we could still mine these in a reasonable time frame (under 1 hour). ... > Unfortunately, the patch exposes an issue with multisig validation: If > I understand it correctly, the problem is that due to redundancy in > the script length coding opcodes it's possible to code a script > multiple ways. The signature validation code creates new template > scripts in order to evaluate signatures for one output, and the code > in bitcoin is not careful to code the new script the same way the > original one was coded, causing the signature validation to fail when > something used OP_PUSHDATA when a direct length could have been used. > I'm not sure I see the problem here. CScript.operator<< currently insert= s values into scripts using the shortest possible sequence. As long as cod= e continues to conform to this convention, scripts generated by it will verify correctly. If new code is written that generates one of the longer sequences, it wil= l generate transactions that will not pass block validation since the signature won't verify. So such code will be useless and we can refrain from writing it? -- Bobby Groff