diff options
author | Russell O'Connor <roconnor@blockstream.com> | 2022-07-11 20:21:40 -0400 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2022-07-12 00:21:56 +0000 |
commit | 5f4186306c7ed7a6087d38217b63f6af3738e128 (patch) | |
tree | 57a85ce5101008f5a7a44d0df39b2d54e17397dd /46 | |
parent | 830194e9252c08e68e2888bc99d3404d75a4e658 (diff) | |
download | pi-bitcoindev-5f4186306c7ed7a6087d38217b63f6af3738e128.tar.gz pi-bitcoindev-5f4186306c7ed7a6087d38217b63f6af3738e128.zip |
Re: [bitcoin-dev] Security problems with relying on transaction fees for security
Diffstat (limited to '46')
-rw-r--r-- | 46/d49a0da6a235f3d94fe077ca264e4a014b0929 | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/46/d49a0da6a235f3d94fe077ca264e4a014b0929 b/46/d49a0da6a235f3d94fe077ca264e4a014b0929 new file mode 100644 index 000000000..101837654 --- /dev/null +++ b/46/d49a0da6a235f3d94fe077ca264e4a014b0929 @@ -0,0 +1,187 @@ +Return-Path: <roconnor@blockstream.com> +Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) + by lists.linuxfoundation.org (Postfix) with ESMTP id 59519C002D + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 12 Jul 2022 00:21:56 +0000 (UTC) +Received: from localhost (localhost [127.0.0.1]) + by smtp1.osuosl.org (Postfix) with ESMTP id 345A084077 + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 12 Jul 2022 00:21:56 +0000 (UTC) +DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 345A084077 +Authentication-Results: smtp1.osuosl.org; + dkim=pass (2048-bit key) header.d=blockstream-com.20210112.gappssmtp.com + header.i=@blockstream-com.20210112.gappssmtp.com header.a=rsa-sha256 + header.s=20210112 header.b=mk5NY3I+ +X-Virus-Scanned: amavisd-new at osuosl.org +X-Spam-Flag: NO +X-Spam-Score: -1.899 +X-Spam-Level: +X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 + tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, + HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, + SPF_PASS=-0.001] autolearn=ham autolearn_force=no +Received: from smtp1.osuosl.org ([127.0.0.1]) + by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id Haf_ybmPM0VV + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 12 Jul 2022 00:21:52 +0000 (UTC) +X-Greylist: whitelisted by SQLgrey-1.8.0 +DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 73C6884072 +Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com + [IPv6:2607:f8b0:4864:20::f36]) + by smtp1.osuosl.org (Postfix) with ESMTPS id 73C6884072 + for <bitcoin-dev@lists.linuxfoundation.org>; + Tue, 12 Jul 2022 00:21:52 +0000 (UTC) +Received: by mail-qv1-xf36.google.com with SMTP id d17so1547191qvs.0 + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 11 Jul 2022 17:21:52 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=blockstream-com.20210112.gappssmtp.com; s=20210112; + h=mime-version:references:in-reply-to:from:date:message-id:subject:to; + bh=wIpHg8y0BJK1vsbvPOrRpt3SpaZBMS06qXaMNR3WsbE=; + b=mk5NY3I+ZOeW3sArIzjBdchTxKTJVQ1bxNAEO+q/cgzqMKPJVyelxEIrkPouqIlvRi + 25dBnt0NRU0FYhEsnJldbHrxrZySu/pf7FZsXJ2kBrI7MoSRrDJxlha1MNJ9Qqa6TtWV + RYuTeAvHyVZ0UKrKUII3DfxedjPVuSVxSf0Jmn36nHMR8DQ+jfp2m1O34ZSAqi6SbNKc + U77+79BCWhxxqIw6+6w6fP994ouTKCxL1Uy+xiO3ND2dSlJTqr7QPI6c7Hx/848/bA1K + mf66QBrZtQ/UXAmjcTfjPO405b5Mi4Li6/SJbzjIG1jXC+j01Nx2Uj1iQLii7oiQ6L95 + zuyg== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20210112; + h=x-gm-message-state:mime-version:references:in-reply-to:from:date + :message-id:subject:to; + bh=wIpHg8y0BJK1vsbvPOrRpt3SpaZBMS06qXaMNR3WsbE=; + b=ME1BfwYDyZGVGvcpuajrK9ejvS3xYP/Wf2GDm7gZnA5OdtZ52RmONzvCK1kQ+NqF1V + z/dJmtM9YDsq4T/4MSlPfmLEERodtFE1OUgHzfbW2Ip0RyvVNdgSIYTZjTU53a2w9ltd + z9MTtptfwC3mW1dvZ3GPiaPXIhV5nCXdI32pN0aizAMR9Ap4ItmxfgP7+kgCtfDGUguZ + YtOLzsHJPBoClvHIZt/0sRIa343XFE8Lyp3fjONg77PwzRJWMav51b8IsUfggnmjXVKy + d12aZgIo9Uj/CnSl776B7vKagd5h+diRf513WFPcP9rO1Cc3nvFUC45VLTdAg1jvMu0O + Pvag== +X-Gm-Message-State: AJIora9f9TgiOzsDIx1lj3UTQFa5d1cTWRLWwLoGDP5u61WK8CdqE91+ + vZbIWIp3PbY3HBRcSfHzckR8ji5EfbpN+cibMkMBQH7o1fRMQw== +X-Google-Smtp-Source: AGRyM1tmRo+2c7x0jfxkS9pCWHQ1AwVAN3wxw9yk1zF6HB62gdXY36S1w9393yzHTiQTVZ+6isdBlW+D6D56sn/KWzg= +X-Received: by 2002:a0c:9c48:0:b0:473:5e9e:741 with SMTP id + w8-20020a0c9c48000000b004735e9e0741mr9289663qve.63.1657585311087; Mon, 11 Jul + 2022 17:21:51 -0700 (PDT) +MIME-Version: 1.0 +References: <CAHUJnBDYDbgr3C158o7c6_XXdG+kqJruFo=od_RmPFk_GS0udw@mail.gmail.com> + <CAMZUoKmN1Sj=C-asUKCB0hbe-V2fRMsFzNn6kcsJeigbnz3fgQ@mail.gmail.com> + <YsyX9Hjz4LU5otaT@petertodd.org> <YsycpTbb3IYpQ2I7@petertodd.org> +In-Reply-To: <YsycpTbb3IYpQ2I7@petertodd.org> +From: "Russell O'Connor" <roconnor@blockstream.com> +Date: Mon, 11 Jul 2022 20:21:40 -0400 +Message-ID: <CAMZUoKmsCjpcU323_Nbw2UBkcqTmBc9+yd9i=QBZvDX-gdH_hw@mail.gmail.com> +To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +Content-Type: multipart/alternative; boundary="000000000000a7181f05e390a76a" +Subject: Re: [bitcoin-dev] Security problems with relying on transaction + fees for security +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.15 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Tue, 12 Jul 2022 00:21:56 -0000 + +--000000000000a7181f05e390a76a +Content-Type: text/plain; charset="UTF-8" + +Oops, you are right. We need the bribe to be the output of the coinbase, +but due to the maturity rule, it isn't really a bribe. + +Too bad coinbases cannot take other coinbase outputs as inputs to bypass +the maturity rule. + +I guess that means the bribe has to be by leaving transactions in the +mempool. + +Also your point about centralization pressure is well taken. + +On Mon, Jul 11, 2022 at 5:56 PM Peter Todd <pete@petertodd.org> wrote: + +> On Mon, Jul 11, 2022 at 05:36:52PM -0400, Peter Todd via bitcoin-dev wrote: +> > On Mon, Jul 11, 2022 at 04:35:02PM -0400, Russell O'Connor via +> bitcoin-dev wrote: +> > > > What happens after that I'm not sure. +> > > > +> > > +> > > Miners will learn to create anyone-can-spend outputs to bribe other +> miners +> > > to build on their block rather than reorg it. (Due to the coinbase +> > > maturity, this will require some amount of floating capital.) +> > +> > ...and that's a disaster for mining centralization, because the smaller +> miners +> > need to pay larger bribes than larger miners. Not to mention having to +> keep +> > capital around to do it. +> +> Also, note how from a practical point of view, we'll need to add a new +> type of +> tx that's only valid in a specific block, or other miners will just reorg +> those +> anyone-can-spend outputs to steal them. It's not all that trivial to +> actually +> do that... you'd have to have a signature that commits to the non-segwit +> part +> of the coinbase outputs. Ugh. +> +> -- +> https://petertodd.org 'peter'[:-1]@petertodd.org +> + +--000000000000a7181f05e390a76a +Content-Type: text/html; charset="UTF-8" +Content-Transfer-Encoding: quoted-printable + +<div dir=3D"ltr"><div>Oops, you are right.=C2=A0 We need the bribe to be th= +e output of the coinbase, but due to the maturity rule, it isn't really= + a bribe.</div><div><div><br></div><div>Too bad coinbases cannot take other= + coinbase outputs as inputs to bypass the maturity rule.</div><div><br></di= +v></div><div>I guess that means the bribe has to be by leaving transactions= + in the mempool.</div><div><br></div><div>Also your point about centralizat= +ion pressure is well taken.</div><div><br></div><div class=3D"gmail_quote">= +<div dir=3D"ltr" class=3D"gmail_attr">On Mon, Jul 11, 2022 at 5:56 PM Peter= + Todd <<a href=3D"mailto:pete@petertodd.org">pete@petertodd.org</a>> = +wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0= +px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, J= +ul 11, 2022 at 05:36:52PM -0400, Peter Todd via bitcoin-dev wrote:<br> +> On Mon, Jul 11, 2022 at 04:35:02PM -0400, Russell O'Connor via bit= +coin-dev wrote:<br> +> > > What happens after that I'm not sure.<br> +> > ><br> +> > <br> +> > Miners will learn to create anyone-can-spend outputs to bribe oth= +er miners<br> +> > to build on their block rather than reorg it.=C2=A0 (Due to the c= +oinbase<br> +> > maturity, this will require some amount of floating capital.)<br> +> <br> +> ...and that's a disaster for mining centralization, because the sm= +aller miners<br> +> need to pay larger bribes than larger miners. Not to mention having to= + keep<br> +> capital around to do it.<br> +<br> +Also, note how from a practical point of view, we'll need to add a new = +type of<br> +tx that's only valid in a specific block, or other miners will just reo= +rg those<br> +anyone-can-spend outputs to steal them. It's not all that trivial to ac= +tually<br> +do that... you'd have to have a signature that commits to the non-segwi= +t part<br> +of the coinbase outputs. Ugh.<br> +<br> +-- <br> +<a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank">http= +s://petertodd.org</a> 'peter'[:-1]@<a href=3D"http://petertodd.org"= + rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br> +</blockquote></div></div> + +--000000000000a7181f05e390a76a-- + |