From: Eric Lombrozo <elombrozo@gmail.com>
To: "Jonathan Toomim (Toomim Bros)" <j@toom.im>,
"Jonathan Toomim (Toomim Bros) via bitcoin-dev"
<bitcoin-dev@lists.linuxfoundation.org>,
Anthony Towns <aj@erisian.com.au>
Subject: Re: [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY!
Date: Wed, 07 Oct 2015 09:25:53 -0700 [thread overview]
Message-ID: <4A595469-D2E7-4C6A-9EDC-2DF82B0BD212@gmail.com> (raw)
In-Reply-To: <B7359445-2B91-4A12-8222-9730D91572C7@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4141 bytes --]
You're right about the potential for 1 bad confirmation even with very low frequency...but with an overwhelming supermajority of hashpower, 2 bad confirmations become quite unlikely, n bad confirmations becomes exponentially unlikely in n.
As part of such soft fork deployments, it's true that old nodes might see a bad confirmation on occasion (even assuming overwhelming supermajority hashpower adoptance). So yes, old nodes and SPV clients should probably require more confirmations right around such a transition...or should upgrade. It is entirely possible to make clients warn the user if the block version is unrecognized, which will help to prevent anyone from accepting bad blocks (although SPV security necessarily relies on miners to validate for them).
On October 7, 2015 9:02:14 AM PDT, Eric Lombrozo <elombrozo@gmail.com> wrote:
>That's why it's important to measure miner adoptance. Note that this
>isn't a vote - it's an adoption metric for what is presumably a fairly
>uncontroversial upgrade. If there's contentious controversy amongst
>miner all bets are off.
>
>Our current mechanisms are imperfect in this regard...as we've seen in
>the past, miners have deliberately disabled checks despite signaling
>adoption in their blocks. But a real hashpower supermajority would make
>such attacks hard to pull off in practice.
>
>- Eric
>
>On October 7, 2015 8:46:08 AM PDT, "Jonathan Toomim (Toomim Bros) via
>bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>On Oct 7, 2015, at 8:00 AM, Anthony Towns via bitcoin-dev
>><bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>> *But* a soft fork that only forbids transactions that would
>>previously
>>> not have been mined anyway should be the best of both worlds, as it
>>> automatically reduces the liklihood of old miners building newly
>>invalid
>>> blocks to a vanishingly small probability; which means that upgraded
>>> bitcoin nodes, non-upgraded bitcoin nodes, /and/ SPV clients *all*
>>> continuing to work fine during the upgrade.
>>
>>I agree with pretty much everything you wrote except the above
>>paragraph.
>>
>>An attacker can create a transaction that would be valid if it were an
>>OP_NOP, but not valid if it were any more restrictive transaction. For
>>example, an attacker might send 1 BTC to an address with . An old
>node
>>would consider that OP_CLTV to be OP_NOP, so no signature is necessary
>>for old nodes. Then the attacker buys something from a merchant
>running
>>old node code or an SPV client, and spends the 1 BTC in that address
>in
>>a way that is invalid according to OP_CLTV but valid according to
>>OP_NOP, and includes a hefty fee. A miner on the old version includes
>>this transaction into a block, thereby making the block invalid
>>according to the new rules, and rejected by new-client miners. The
>>merchant sees the 1-conf, and maybe even 2-conf, rejoices, and ships.
>>The attacker then has until the OP_CLTV matures to double-spend the
>>coin with new nodes using a valid signature.
>>
>>Basically, it's trivial to create transactions that exploit the
>>difference in validation rules as long as miners are still on the old
>>version to mine them. Transactions can be created that are guaranteed
>>to be orphaned and trivially double-spendable. Attackers never have to
>>risk actual losses. This can be done as long as miners continue to
>mine
>>old-version blocks, regardless of their frequency.
>>
>>Those of you who know Script better than me: would this be an example
>>of a transaction that would be spendable with a valid sig XOR with
>(far
>>future date OR old code)?
>>
>>OP_DUP OP_HASH160 <pubkeyhash> OP_EQUALVERIFY OP_CHECKSIGVERIFY
>>OP_PUSHDATA <locktime far in the future> OP_CLTV
>>
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>bitcoin-dev mailing list
>>bitcoin-dev@lists.linuxfoundation.org
>>https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>--
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
[-- Attachment #2: Type: text/html, Size: 9164 bytes --]
next prev parent reply other threads:[~2015-10-07 16:25 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-27 18:50 [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY! Peter Todd
2015-09-27 20:26 ` jl2012
2015-09-27 20:27 ` Peter Todd
2015-09-27 20:27 ` Mark Friedenbach
2015-09-27 20:41 ` Btc Drak
2015-09-28 10:10 ` s7r
2015-09-28 10:48 ` Mike Hearn
2015-09-28 11:00 ` Adam Back
2015-09-28 11:40 ` Mike Hearn
2015-09-28 12:20 ` Eric Lombrozo
2015-09-28 12:26 ` Mike Hearn
2015-09-28 12:44 ` Eric Lombrozo
2015-09-28 12:54 ` Mike Hearn
2015-09-29 6:17 ` Eric Lombrozo
2015-09-29 12:02 ` Mike Hearn
2015-09-28 14:05 ` Btc Drak
2015-09-28 14:17 ` Mike Hearn
2015-09-28 21:12 ` odinn
2015-09-28 22:16 ` Dave Scotese
2015-09-28 11:04 ` Eric Lombrozo
2015-09-28 12:47 ` Tier Nolan
2015-09-28 13:01 ` Gavin Andresen
2015-09-28 13:28 ` Peter Todd
2015-09-28 13:43 ` Gavin Andresen
2015-09-28 14:14 ` Peter Todd
2015-09-28 13:21 ` Peter Todd
2015-09-28 13:41 ` Mike Hearn
2015-09-28 14:29 ` Peter Todd
2015-09-28 14:33 ` Mike Hearn
2015-09-28 14:43 ` Peter Todd
2015-09-28 14:51 ` Mike Hearn
2015-09-28 15:05 ` Peter Todd
2015-09-28 15:38 ` Mike Hearn
2015-09-28 16:52 ` jl2012
2015-09-28 17:14 ` Mike Hearn
2015-09-28 23:17 ` Jorge Timón
2015-09-29 12:07 ` Mike Hearn
2015-09-29 15:09 ` [bitcoin-dev] Why soft-forks? was: " Santino Napolitano
2015-09-29 13:30 ` [bitcoin-dev] " Jonathan Toomim (Toomim Bros)
2015-09-29 15:59 ` jl2012
2015-09-29 19:54 ` odinn
2015-09-29 18:31 ` Gregory Maxwell
2015-09-30 17:11 ` Mike Hearn
2015-09-30 17:58 ` Jorge Timón
2015-10-01 14:23 ` Tom Harding
2015-09-30 18:15 ` Adam Back
2015-09-30 19:26 ` Jeff Garzik
2015-09-30 19:56 ` Mike Hearn
2015-09-30 20:37 ` Jorge Timón
2015-09-30 21:06 ` Mike Hearn
2015-09-30 22:14 ` Jorge Timón
2015-10-01 0:11 ` Jorge Timón
2015-09-30 22:17 ` Jeff Garzik
2015-09-30 23:25 ` Gregory Maxwell
2015-09-30 20:15 ` Gregory Maxwell
2015-09-30 21:01 ` Mike Hearn
2015-09-30 22:59 ` Gregory Maxwell
2015-10-01 4:08 ` [bitcoin-dev] Crossing the line? [Was: Re: Let's deploy BIP65 CHECKLOCKTIMEVERIFY!] Tao Effect
2015-10-01 16:39 ` Jeff Garzik
2015-10-01 20:17 ` Milly Bitcoin
2015-10-02 12:23 ` Mike Hearn
2015-10-02 13:14 ` jl2012
2015-10-02 14:10 ` Marcel Jamin
2015-10-02 16:37 ` Gregory Maxwell
2015-10-07 15:00 ` [bitcoin-dev] Let's deploy BIP65 CHECKLOCKTIMEVERIFY! Anthony Towns
2015-10-07 15:46 ` Jonathan Toomim (Toomim Bros)
2015-10-07 16:02 ` Eric Lombrozo
2015-10-07 16:25 ` Eric Lombrozo [this message]
2015-10-07 16:26 ` Jonathan Toomim (Toomim Bros)
2015-10-07 16:38 ` Anthony Towns
2015-10-10 7:23 ` Anthony Towns
2015-10-12 7:02 ` digitsu
2015-10-12 16:33 ` Anthony Towns
2015-10-12 17:06 ` Anthony Towns
2015-10-13 0:08 ` digitsu
2015-09-29 20:03 ` Wladimir J. van der Laan
2015-09-30 4:05 ` Rusty Russell
2015-09-30 6:19 ` Adam Back
2015-09-30 12:30 ` Mike Hearn
2015-09-30 15:55 ` Jorge Timón
2015-09-30 19:17 ` John Winslow
2015-10-01 0:06 ` Rusty Russell
2015-09-30 17:14 ` Adam Back
2015-10-01 0:04 ` Rusty Russell
2015-10-02 1:57 NotMike Hearn
2015-10-02 2:12 ` GC
2015-10-05 10:59 ` Mike Hearn
2015-10-05 11:23 ` Jeff Garzik
2015-10-05 11:28 ` Mike Hearn
2015-10-05 12:04 ` Jorge Timón
2015-10-05 12:08 ` Clément Elbaz
2015-10-05 12:16 ` Jorge Timón
2015-10-05 12:29 ` Clément Elbaz
2015-10-05 15:42 ` Jorge Timón
2015-10-05 12:10 ` Mike Hearn
2015-10-05 15:33 ` Jorge Timón
2015-10-05 16:46 ` Mike Hearn
2015-10-06 6:20 ` Anthony Towns
2015-10-07 6:13 ` Micha Bailey
2015-10-05 13:29 ` Jorge Timón
2015-10-05 13:24 ` Jorge Timón
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A595469-D2E7-4C6A-9EDC-2DF82B0BD212@gmail.com \
--to=elombrozo@gmail.com \
--cc=aj@erisian.com.au \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=j@toom.im \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox