From: Drak <drak@zikula.org>
To: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Possible Solution To SM Attack
Date: Tue, 5 Nov 2013 23:44:15 +0000 [thread overview]
Message-ID: <CANAnSg1vrUZPuioZ7LQcSK4MeiWWWQ2nggnDYp5VP4WdhtErhQ@mail.gmail.com> (raw)
In-Reply-To: <CAAS2fgTofL7ura17KjUR5pL_fOOM=a0gdZTZ7seVMRPOPi66xw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1424 bytes --]
On 5 November 2013 23:06, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On Tue, Nov 5, 2013 at 2:15 PM, Drak <drak@zikula.org> wrote:
> > If I understand the issue properly, this seems like a pretty elegant
> > solution: if two blocks are broadcast within a certain period of
> eachother,
> > chose the lower target. That's a provable fair way of randomly choosing
> the
> > winning block and would seem like a pretty simply patch.
>
> uh. and so when my solution is, by chance, unusually low... I am
> incentivized to hurry up and release my block because?
Yes, I saw the flaw as pointed out by Quinn so I then suggested two step
solution:
1. Decide high or low by taking a the leading bytes from
hash(alice)+hash(bob): above certain number we the rule is "higher wins",
below a certain number the "lower hash wins"
2. Chose winner based on the higher or lower of hash(alice) or hash(bob)
based on the rule coming from 1
Now you have a situation where you don't know the rules of the game in
advance (whether high or low wins) until the hands are already dealt nor
have any idea about how high or low Bob's hash will be since it's not based
on target anymore, but on a hash of the blockhash so it makes it a guessing
game.
You might have an unusually high or low hash, but then you have no idea
whether higher or lower is going to win. So it is better for Alice to just
broadcast the block.
What do you think?
Drak
[-- Attachment #2: Type: text/html, Size: 2100 bytes --]
next prev parent reply other threads:[~2013-11-05 23:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-05 20:51 [Bitcoin-development] Possible Solution To SM Attack colj
2013-11-05 22:07 ` Quinn Harris
2013-11-05 23:03 ` Drak
2013-11-06 0:26 ` Quinn Harris
2013-11-05 22:15 ` Drak
2013-11-05 23:06 ` Gregory Maxwell
2013-11-05 23:44 ` Drak [this message]
2013-11-06 0:00 ` Gavin Andresen
2013-11-06 0:37 ` rob.golding
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANAnSg1vrUZPuioZ7LQcSK4MeiWWWQ2nggnDYp5VP4WdhtErhQ@mail.gmail.com \
--to=drak@zikula.org \
--cc=bitcoin-development@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox