From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 77366B6B for ; Tue, 6 Jun 2017 23:31:21 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from homiemail-a38.g.dreamhost.com (homie.mail.dreamhost.com [208.97.132.208]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BD2A615B for ; Tue, 6 Jun 2017 23:31:20 +0000 (UTC) Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id A1CF510AFBE; Tue, 6 Jun 2017 16:31:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h= content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; s=taoeffect.com; bh=0skZ6WN3/AQ7c8/i3 RsXMmGr+Sc=; b=Ar0/cMKzL56LQXsf0oxN6t7fLWBodLPQe1/HSeb0EpcXXXFS2 PRkTxXC20QX4s9iiake9fTRXysD42sZNN5NLYTPDIqUCp6YvxkYF4o2T4JcWZ06y CcayuFVA+dJ42w2UJD1IxRjhHqx0W9qL4d44dM1Td2Lln5OW5fvi+ueW8k= Received: from [192.168.42.64] (184-23-255-227.fiber.dynamic.sonic.net [184.23.255.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: contact@taoeffect.com) by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id 9590610AFBD; Tue, 6 Jun 2017 16:31:17 -0700 (PDT) Content-Type: multipart/signed; boundary="Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) From: Tao Effect In-Reply-To: <38DDC3A2-2727-477E-A6FF-7638842AAB03@taoeffect.com> Date: Tue, 6 Jun 2017 16:31:17 -0700 X-Mao-Original-Outgoing-Id: 518484676.809484-011cb458f5a77ea11ff2a7f4c7fa2cac Message-Id: References: <31833011-7179-49D1-A07E-8FD9556C4534@taoeffect.com> <20170606232015.GA11830@erisian.com.au> <38DDC3A2-2727-477E-A6FF-7638842AAB03@taoeffect.com> To: Anthony Towns X-Mailer: Apple Mail (2.3273) X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 07 Jun 2017 00:07:08 +0000 Cc: Anthony Towns via bitcoin-dev Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jun 2017 23:31:21 -0000 --Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC Content-Type: multipart/alternative; boundary="Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838" --Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > CPFP can be used by an attacker to get your original txn into the 148 = chain. *err, my bad that's unlikely to happen, if I remember correctly CPFP can = only be done by the person you're sending the coins to. Coin-mixing = seems the better option of the two, but shouldn't the BIP148 folks wait = until it's clear that will be supported by exchanges? -- Please do not email me anything that you are not comfortable also = sharing with the NSA. > On Jun 6, 2017, at 4:27 PM, Tao Effect > wrote: >=20 >> CoinJoin works as a method of both improving fungibility and mixing = with >> coinbase transactions. >=20 > My understanding is that the two situations are quite different. >=20 > Unlike mixing to coin-split, CoinJoin doesn't create a high demand = exclusively for coinbase transactions. >=20 > However, of the proposed methods, coin-mixing seems the better option, = because it might be reasonably easy (I don't know) for exchanges to = obtain 148 coinbase coins, and mix their coins with them, extending the = coin-splitting capability beyond just miner coins and then using that to = split incoming coins. >=20 > That seems like the most reasonable approach I've heard so far. = Whether exchanges would be willing to do that is a separate question. >=20 >> When it's confirmed on one chain, but not on the other, you >> can then "double-spend" on the lower hashrate chain with a higher = fee, >> to end up with different coins on both chains. >=20 > This method is time consuming and not guaranteed to work. CPFP can be = used by an attacker to get your original txn into the 148 chain. >=20 >> (also, no double-n in untenable) >=20 > Why thank you aj, you're so good at spelling. :-) >=20 > Cheers, > Greg >=20 --Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
CPFP can be used by an = attacker to get your original txn into the 148 chain.

*err, my bad = that's unlikely to happen, if I remember correctly CPFP can only be done = by the person you're sending the coins to. Coin-mixing seems the better = option of the two, but shouldn't the BIP148 folks wait until it's clear = that will be supported by exchanges?

--

Please do not email me anything that you are not = comfortable also sharing with the NSA.

On Jun 6, 2017, at 4:27 PM, Tao Effect <contact@taoeffect.com> wrote:

CoinJoin works as a = method of both improving fungibility and mixing with
coinbase transactions.

My = understanding is that the two situations are quite different.

Unlike mixing to = coin-split, CoinJoin doesn't create a high demand exclusively for = coinbase transactions.

However, of the proposed methods, coin-mixing seems the = better option, because it might be reasonably easy (I don't know) for = exchanges to obtain 148 coinbase coins, and mix their coins with them, = extending the coin-splitting capability beyond just miner coins and then = using that to split incoming coins.

That seems like the most reasonable = approach I've heard so far. Whether exchanges would be willing to do = that is a separate question.

When= it's confirmed on one chain, but not on the other, you
can = then "double-spend" on the lower hashrate chain with a higher fee,
to end up with different coins on both = chains.

This method is = time consuming and not guaranteed to work. CPFP can be used by an = attacker to get your original txn into the 148 chain.

(also, no double-n in untenable)

Why thank you aj, you're so good at = spelling. :-)

Cheers,
Greg


= --Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838-- --Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZNztEAAoJEOxnICvpCVJH6LUP/38RilPZIbs0+eN7AfF9nRD1 mUx+xvMAweh19gUpdpoZ9z7nXVsubg7q2DcVAg0r/Zr5JZw/1akIXz/lOdS7yIi3 aQcB+oKUtg4r79J0tjDpIaJo435OkLjKrvMIyC6z+YoR4/RK6FsfKV6+5Mpukm87 PUuwGTuItvuUEl9Qd4n5kX5H2j0p77Itdz7eTtUafAbSYehy2GHOkBGWQm8Pyot6 Ix77vreo7xuolc+fQDHTfMsidWSIyml0+hQ+tdMUd+gtYLMbxPRGcp3GGoq0cRY5 cezrr3dW5ntOXOC7qEHeCiHRcC6bAPtuhzkG4WP43Z4/li8o5x0h/xfK92PA9tDB 1bnu7qRNEJsFmehbtWmMeDN0xu4uJ7t7+cSmiaG0Ps1IBt88pITtJAM0ogdGnYU1 vWggbc0o9F3ueYMnjiUsVwvA6qcFkIpLEs3jcBsOb/X9kOHi0vPSxSg0tzLuuy5Q 5/z7dlOzn3W/BVci7PsrIinGgeYjc2cTNTwIFrhFbaIzywJF9eAI6KtSEk/HhMag vnvASxUDLcKmnlo6+2fVHI97h6b2oKXxslV+ZceZjjV0MJmF0LKtuAw3p66T/PQk 5FMog/a0BWf8TXVGFkpnhNooyCBj9aWRMYriIo6pPNhNzdoJkwIxw7R12oQPuZ3I VBR4sANS8V97VyCXt0X5 =JB9e -----END PGP SIGNATURE----- --Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC--