public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
@ 2017-06-06 20:43 Tao Effect
  0 siblings, 0 replies; 21+ messages in thread
From: Tao Effect @ 2017-06-06 20:43 UTC (permalink / raw)
  To: bitcoin-dev


[-- Attachment #1.1: Type: text/plain, Size: 2050 bytes --]

This is just me putting in my formal objection to BIP148 and BIP149 based on my experience with the ETH/ETC hard fork and involvement in that drama.

First, it's important to note that ETC/ETH HF is a very different situation from BIP148 and all other soft-forks. To those on this mailing list, the reasons should be self-evident (one results in two incompatible chains, the other doesn't).

However, replay attacks are common to both possibilities (i.e. when BIP148 has <51% hash power).

I believe the severity of replay attacks is going unvoiced and is not understood within the bitcoin community because of their lack of experience with them.

I further believe that replay attacks are the #1 issue with BIP148, BIP149, etc., superseding wipeout attacks in severity.

These are not baseless beliefs, they're born out of experience and I think anyone will reach the same conclusion upon study.

In a nutshell, replay attacks mean that all talk of there being potentially "two coins" as a result of BIP148 is basically nonsense.

Replay attacks effectively eliminate that possibility.

When users go to "sell their legacy coins", they've just sold their 148 coins, and vice versa.

Both of the coin-splitting techniques given so far by the proponents BIP148 are also untenable:

- Double-spending to self with nLockTime txns is insanely complicated, risky, not guaranteed to work, extremely time consuming, and would likely result in a massive increase in backlogged transactions and increased fees.

- Mixing with 148 coinbase txns destroys fungibility.

Without a coin, there is no real threat from BIP148. Without that threat, there is no point to BIP148, and the miners know this.

These and other concerns are outlined and explained in more detail in this conversation I had yesterday with John Light:

https://www.youtube.com/watch?v=33rL3-p8cPw <https://www.youtube.com/watch?v=33rL3-p8cPw>

Cheers,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.


[-- Attachment #1.2: Type: text/html, Size: 5266 bytes --]

[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread
* [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
@ 2017-06-06 22:39 Tao Effect
  2017-06-06 23:02 ` Gregory Maxwell
                   ` (2 more replies)
  0 siblings, 3 replies; 21+ messages in thread
From: Tao Effect @ 2017-06-06 22:39 UTC (permalink / raw)
  To: Bitcoin Dev


[-- Attachment #1.1: Type: text/plain, Size: 2050 bytes --]

This is just me putting in my formal objection to BIP148 and BIP149 based on my experience with the ETH/ETC hard fork and involvement in that drama.

First, it's important to note that ETC/ETH HF is a very different situation from BIP148 and all other soft-forks. To those on this mailing list, the reasons should be self-evident (one results in two incompatible chains, the other doesn't).

However, replay attacks are common to both possibilities (i.e. when BIP148 has <51% hash power).

I believe the severity of replay attacks is going unvoiced and is not understood within the bitcoin community because of their lack of experience with them.

I further believe that replay attacks are the #1 issue with BIP148, BIP149, etc., superseding wipeout attacks in severity.

These are not baseless beliefs, they're born out of experience and I think anyone will reach the same conclusion upon study.

In a nutshell, replay attacks mean that all talk of there being potentially "two coins" as a result of BIP148 is basically nonsense.

Replay attacks effectively eliminate that possibility.

When users go to "sell their legacy coins", they've just sold their 148 coins, and vice versa.

Both of the coin-splitting techniques given so far by the proponents BIP148 are also untenable:

- Double-spending to self with nLockTime txns is insanely complicated, risky, not guaranteed to work, extremely time consuming, and would likely result in a massive increase in backlogged transactions and increased fees.

- Mixing with 148 coinbase txns destroys fungibility.

Without a coin, there is no real threat from BIP148. Without that threat, there is no point to BIP148, and the miners know this.

These and other concerns are outlined and explained in more detail in this conversation I had yesterday with John Light:

https://www.youtube.com/watch?v=33rL3-p8cPw <https://www.youtube.com/watch?v=33rL3-p8cPw>

Cheers,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.


[-- Attachment #1.2: Type: text/html, Size: 5538 bytes --]

[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2017-06-08  6:39 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-06 20:43 [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable Tao Effect
2017-06-06 22:39 Tao Effect
2017-06-06 23:02 ` Gregory Maxwell
2017-06-06 23:12   ` Tao Effect
2017-06-07 13:25   ` Nick Johnson
2017-06-07 16:27     ` Tao Effect
2017-06-07 17:35       ` Nick Johnson
2017-06-08  5:44         ` Conner Fromknecht
2017-06-08  6:38           ` Nick Johnson
2017-06-06 23:08 ` Luke Dashjr
2017-06-06 23:19   ` Tao Effect
2017-06-06 23:20 ` Anthony Towns
2017-06-06 23:27   ` Tao Effect
2017-06-06 23:31     ` Tao Effect
2017-06-06 23:59     ` Kekcoin
2017-06-07  0:04       ` Tao Effect
2017-06-07  0:19         ` Kekcoin
2017-06-07  0:26           ` Tao Effect
2017-06-07  0:29             ` Kekcoin
2017-06-07  0:38               ` Tao Effect
2017-06-07  0:46                 ` Kekcoin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox