From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 5632E724 for ; Thu, 4 Aug 2016 03:49:29 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ua0-f175.google.com (mail-ua0-f175.google.com [209.85.217.175]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 57DCD121 for ; Thu, 4 Aug 2016 03:49:28 +0000 (UTC) Received: by mail-ua0-f175.google.com with SMTP id j59so166538936uaj.3 for ; Wed, 03 Aug 2016 20:49:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=I+C6494tFIXk2ztvOSP+JOwTM/ejYNz0FO5E7GxfoQE=; b=oJQnZ/x+D2AJznaeK8eVN7F6UnqAHFMZgq1UqRtbw1+h8rLh+6J549Ks/X5h+4rlzs AfCzTbkwRRRBavPPXjyWgvHLJMJqZMb7spx/9mm57k0zwpVoM0N357F9Fu32sWIlI9gp BdDpQV78vEM6QjhzfD5tmEH9zXuO4cNJwinYBn9CyVxs2TQ8WdagOgrBIF4wkb21vbYj oWHu4VJyxqmO21hHJy0FR+A2/vp/goQyL5IWN94eQ5pSQ7UgFE3INGCv6s1yEwh2uYFu cMtvWBSc5Eo9gQDwcGW0FTf0gOCBbg5jAxXoqDHZPKylOS62qNC5TiWaPQwjlp7K506O Ntdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=I+C6494tFIXk2ztvOSP+JOwTM/ejYNz0FO5E7GxfoQE=; b=jAYRQ3nqGG8a1alZ3ZgfqCcYRned5kcLbYpsppsFs7IkPxHlxzdcCXfJWqSurnSSVq rUQtt5xbmY0eIRLTjQzNmla+bvnpMjva1kzwLXEUQwX8sq2QiSWDWjenct9Bor5X3q/7 Pn2hxGqPBhkI+ype2QMC8jKZtAUFnu/ck/5GYvQwDY8WQN7wFSJFUmQJqggTvsym9mZx rstozdhDE2raSDysjOPpMrb99oP7r5+YXuM+5PZmwUbDCSPXf1HNfgcr4bG0w/Oew3zr eTmfA+RlcxplCAB/yxYE9lZ4iSO5j2B7c+TXzo/kbUXpJStR4XoXcEa2mxphd2CPNjHP 7RIw== X-Gm-Message-State: AEkooutTQNem8hvaT/pd9axPiZf6pSkcbfKZWAGOF+qDExnciPW7R8vaADPORIyJok9Vjzl2x5Aje1um1wyyFw== X-Received: by 10.159.40.167 with SMTP id d36mr32130004uad.60.1470282567468; Wed, 03 Aug 2016 20:49:27 -0700 (PDT) MIME-Version: 1.0 Received: by 10.103.64.150 with HTTP; Wed, 3 Aug 2016 20:49:26 -0700 (PDT) Received: by 10.103.64.150 with HTTP; Wed, 3 Aug 2016 20:49:26 -0700 (PDT) In-Reply-To: <201608040327.36571.luke@dashjr.org> References: <201608040327.36571.luke@dashjr.org> From: Andrew Johnson Date: Wed, 3 Aug 2016 23:49:26 -0400 Message-ID: To: Luke Dashjr , Bitcoin Dev Content-Type: multipart/alternative; boundary=94eb2c123794274f7a053936d6f9 X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 04 Aug 2016 09:07:44 +0000 Subject: Re: [bitcoin-dev] BIP clearing house addresses X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Aug 2016 03:49:29 -0000 --94eb2c123794274f7a053936d6f9 Content-Type: text/plain; charset=UTF-8 "This is already possible. Just nLockTime your withdrawls for some future block. Don't sign any transaction that isn't nLockTime'd at least N blocks beyond the present tip." This would have prevented the Bitfinex hack if BitGo did this, but it wouldn't have helped if the Bitfinex offline key had been compromised instead of BitGo doing the 2nd sig. In the BFX hack the TXNs were signed by Bitfinex's hot key and BitGo's key, they required 2 of 2. If I'm understanding correctly, what Matthew is proposing is a new type of UTXO that is only valid to be spent as an nLockTime transaction and can be reversed by some sort of RBF-type transaction within that time period, I believe. But I don't think this will work. What do you do if the keys are compromised? What's to stop the attacker from locking the coins up indefinitely by repeatedly broadcasting a refund transaction each time you try to spend to an uncompromised address? You'd need a third distinct key required for the refund TXN that's separate from the keys used to sign the initial nLockTime TXN. And the refund TXN would need to be able to go to a new address entirely. On Aug 3, 2016 11:28 PM, "Luke Dashjr via bitcoin-dev" < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Wednesday, August 03, 2016 6:16:20 PM Matthew Roberts via bitcoin-dev > wrote: > > In light of the recent hack: what does everyone think of the idea of > > creating a new address type that has a reversal key and settlement layer > > that can be used to revoke transactions? > > This isn't something that makes sense at the address, since it represents > the > recipient and not the sender. Transactions are not sent from addresses > ever. > > > You could specify so that transactions "sent" from these addresses must > > receive N confirmations before they can't be revoked, after which the > > transaction is "settled" and the coins become redeemable from their > > destination output. A settlement phase would also mean that a > transaction's > > progress was publicly visible so transparent fraud prevention and > auditing > > would become possible by anyone. > > This is already possible. Just nLockTime your withdrawls for some future > block. Don't sign any transaction that isn't nLockTime'd at least N blocks > beyond the present tip. > > Luke > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --94eb2c123794274f7a053936d6f9 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

"This is already possible. Just nLockTime your withdraw= ls for some future
block. Don't sign any transaction that isn't nLockTime'd at lea= st N blocks
beyond the present tip."

This would have prevented the Bitfinex hack if BitGo did thi= s, but it wouldn't have helped if the Bitfinex offline key had been com= promised instead of BitGo doing the 2nd sig.=C2=A0 In the BFX hack the TXNs= were signed by Bitfinex's hot key and BitGo's key, they required 2= of 2.

If I'm understanding correctly, what Matthew is proposin= g is a new type of UTXO that is only valid to be spent as an nLockTime tran= saction and can be reversed by some sort of RBF-type transaction within tha= t time period, I believe.

But I don't think this will work. What do you do if the = keys are compromised?=C2=A0 What's to stop the attacker from locking th= e coins up indefinitely by repeatedly broadcasting a refund transaction eac= h time you try to spend to an uncompromised address?

You'd need a third distinct key required for the refund = TXN that's separate from the keys used to sign the initial nLockTime TX= N.=C2=A0 And the refund TXN would need to be able to go to a new address en= tirely.


On Aug 3, 2016 11= :28 PM, "Luke Dashjr via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org= > wrote:
On Wedne= sday, August 03, 2016 6:16:20 PM Matthew Roberts via bitcoin-dev
wrote:
> In light of the recent hack: what does everyone think of the idea of > creating a new address type that has a reversal key and settlement lay= er
> that can be used to revoke transactions?

This isn't something that makes sense at the address, since it represen= ts the
recipient and not the sender. Transactions are not sent from addresses ever= .

> You could specify so that transactions "sent" from these add= resses must
> receive N confirmations before they can't be revoked, after which = the
> transaction is "settled" and the coins become redeemable fro= m their
> destination output. A settlement phase would also mean that a transact= ion's
> progress was publicly visible so transparent fraud prevention and audi= ting
> would become possible by anyone.

This is already possible. Just nLockTime your withdrawls for some future block. Don't sign any transaction that isn't nLockTime'd at lea= st N blocks
beyond the present tip.

Luke
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--94eb2c123794274f7a053936d6f9--