From: Sergio Demian Lerner <sergio.d.lerner@gmail.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] New BIP: Dealing with OP_IF and OP_NOTIF malleability in P2WSH
Date: Wed, 17 Aug 2016 21:33:24 -0300 [thread overview]
Message-ID: <CAKzdR-peLkVqdrnQS61J=H4e4N5dAnXa_+UzXR4cGPsjn=cWHw@mail.gmail.com> (raw)
In-Reply-To: <CAAS2fgQ=Z+xmg0DcANV4vhp+XhpL1Vz0HNkJwNGdHTxtK1q1kg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1678 bytes --]
On Wed, Aug 17, 2016 at 9:19 PM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On Thu, Aug 18, 2016 at 12:11 AM, Sergio Demian Lerner via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> > I think that we're not attacking the real source of the problem: that the
> > witness data size is not signed.
>
> It's not possible to do that for the general case, since you may not
> even know the witness size in advance (even for checksig's ECDSA, the
> encoding is variable sized).
>
> That's why scripts can check a maximum witness size, and not necessarily
an exact value.
I think that is overly focusing on "someone might change the feerate",
> yes that is an example of an undesirable witness tampering, but it's
> not the only one.
>
> I don't think fees are the problem. There is another problem. Let me
re-explain.
If I send a transaction to an IoT device (say to an OpenDime or to the old
Firmcoin), and the OpenDime must verify that the transaction has been mined
(SPV verification), then it may expect the witness program to be of certain
maximum size (an implementation-imposed limit). If a Miner modifies the
witness size and makes it too large, then the device may not be able to
accept the transaction and the bitcoins may be lost. Lost because the
private key is in the device, and because the device cannot accept that
cloned transaction, never ever.
The same is true (although less strict) for side-chains and drive-chains:
they may have certain restrictions on the size of transactions they accept
to lock bitcoins.
That's why I'm proposing that a transaction becomes INVALID if the witness
size is higher than the expected size (by the sender).
[-- Attachment #2: Type: text/html, Size: 2378 bytes --]
next prev parent reply other threads:[~2016-08-18 0:34 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-16 17:53 [bitcoin-dev] New BIP: Dealing with OP_IF and OP_NOTIF malleability in P2WSH Johnson Lau
2016-08-16 19:37 ` Luke Dashjr
2016-08-16 19:43 ` Peter Todd
2016-08-16 21:58 ` Joseph Poon
2016-08-16 22:23 ` Russell O'Connor
2016-08-16 22:30 ` Pieter Wuille
2016-08-16 22:36 ` Russell O'Connor
2016-08-16 22:39 ` Pieter Wuille
2016-08-16 22:52 ` Russell O'Connor
2016-08-17 0:18 ` Gregory Maxwell
2016-08-17 0:27 ` Russell O'Connor
2016-08-17 2:30 ` Peter Todd
2016-08-17 3:02 ` Johnson Lau
2016-08-17 4:40 ` Luke Dashjr
2016-08-17 10:15 ` Johnson Lau
2016-08-18 0:11 ` Sergio Demian Lerner
[not found] ` <CAAS2fgQ=Z+xmg0DcANV4vhp+XhpL1Vz0HNkJwNGdHTxtK1q1kg@mail.gmail.com>
2016-08-18 0:33 ` Sergio Demian Lerner [this message]
2016-08-18 3:00 ` Peter Todd
2016-09-05 14:55 ` Russell O'Connor
2016-09-01 11:39 ` Johnson Lau
2016-09-05 1:32 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKzdR-peLkVqdrnQS61J=H4e4N5dAnXa_+UzXR4cGPsjn=cWHw@mail.gmail.com' \
--to=sergio.d.lerner@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=gmaxwell@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox