summaryrefslogtreecommitdiff
path: root/46
diff options
context:
space:
mode:
authorRussell O'Connor <roconnor@blockstream.com>2022-07-11 20:21:40 -0400
committerbitcoindev <bitcoindev@gnusha.org>2022-07-12 00:21:56 +0000
commit5f4186306c7ed7a6087d38217b63f6af3738e128 (patch)
tree57a85ce5101008f5a7a44d0df39b2d54e17397dd /46
parent830194e9252c08e68e2888bc99d3404d75a4e658 (diff)
downloadpi-bitcoindev-5f4186306c7ed7a6087d38217b63f6af3738e128.tar.gz
pi-bitcoindev-5f4186306c7ed7a6087d38217b63f6af3738e128.zip
Re: [bitcoin-dev] Security problems with relying on transaction fees for security
Diffstat (limited to '46')
-rw-r--r--46/d49a0da6a235f3d94fe077ca264e4a014b0929187
1 files changed, 187 insertions, 0 deletions
diff --git a/46/d49a0da6a235f3d94fe077ca264e4a014b0929 b/46/d49a0da6a235f3d94fe077ca264e4a014b0929
new file mode 100644
index 000000000..101837654
--- /dev/null
+++ b/46/d49a0da6a235f3d94fe077ca264e4a014b0929
@@ -0,0 +1,187 @@
+Return-Path: <roconnor@blockstream.com>
+Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
+ by lists.linuxfoundation.org (Postfix) with ESMTP id 59519C002D
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 12 Jul 2022 00:21:56 +0000 (UTC)
+Received: from localhost (localhost [127.0.0.1])
+ by smtp1.osuosl.org (Postfix) with ESMTP id 345A084077
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 12 Jul 2022 00:21:56 +0000 (UTC)
+DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 345A084077
+Authentication-Results: smtp1.osuosl.org;
+ dkim=pass (2048-bit key) header.d=blockstream-com.20210112.gappssmtp.com
+ header.i=@blockstream-com.20210112.gappssmtp.com header.a=rsa-sha256
+ header.s=20210112 header.b=mk5NY3I+
+X-Virus-Scanned: amavisd-new at osuosl.org
+X-Spam-Flag: NO
+X-Spam-Score: -1.899
+X-Spam-Level:
+X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5
+ tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
+ HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
+ SPF_PASS=-0.001] autolearn=ham autolearn_force=no
+Received: from smtp1.osuosl.org ([127.0.0.1])
+ by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id Haf_ybmPM0VV
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 12 Jul 2022 00:21:52 +0000 (UTC)
+X-Greylist: whitelisted by SQLgrey-1.8.0
+DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 73C6884072
+Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com
+ [IPv6:2607:f8b0:4864:20::f36])
+ by smtp1.osuosl.org (Postfix) with ESMTPS id 73C6884072
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Tue, 12 Jul 2022 00:21:52 +0000 (UTC)
+Received: by mail-qv1-xf36.google.com with SMTP id d17so1547191qvs.0
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 11 Jul 2022 17:21:52 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=blockstream-com.20210112.gappssmtp.com; s=20210112;
+ h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
+ bh=wIpHg8y0BJK1vsbvPOrRpt3SpaZBMS06qXaMNR3WsbE=;
+ b=mk5NY3I+ZOeW3sArIzjBdchTxKTJVQ1bxNAEO+q/cgzqMKPJVyelxEIrkPouqIlvRi
+ 25dBnt0NRU0FYhEsnJldbHrxrZySu/pf7FZsXJ2kBrI7MoSRrDJxlha1MNJ9Qqa6TtWV
+ RYuTeAvHyVZ0UKrKUII3DfxedjPVuSVxSf0Jmn36nHMR8DQ+jfp2m1O34ZSAqi6SbNKc
+ U77+79BCWhxxqIw6+6w6fP994ouTKCxL1Uy+xiO3ND2dSlJTqr7QPI6c7Hx/848/bA1K
+ mf66QBrZtQ/UXAmjcTfjPO405b5Mi4Li6/SJbzjIG1jXC+j01Nx2Uj1iQLii7oiQ6L95
+ zuyg==
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20210112;
+ h=x-gm-message-state:mime-version:references:in-reply-to:from:date
+ :message-id:subject:to;
+ bh=wIpHg8y0BJK1vsbvPOrRpt3SpaZBMS06qXaMNR3WsbE=;
+ b=ME1BfwYDyZGVGvcpuajrK9ejvS3xYP/Wf2GDm7gZnA5OdtZ52RmONzvCK1kQ+NqF1V
+ z/dJmtM9YDsq4T/4MSlPfmLEERodtFE1OUgHzfbW2Ip0RyvVNdgSIYTZjTU53a2w9ltd
+ z9MTtptfwC3mW1dvZ3GPiaPXIhV5nCXdI32pN0aizAMR9Ap4ItmxfgP7+kgCtfDGUguZ
+ YtOLzsHJPBoClvHIZt/0sRIa343XFE8Lyp3fjONg77PwzRJWMav51b8IsUfggnmjXVKy
+ d12aZgIo9Uj/CnSl776B7vKagd5h+diRf513WFPcP9rO1Cc3nvFUC45VLTdAg1jvMu0O
+ Pvag==
+X-Gm-Message-State: AJIora9f9TgiOzsDIx1lj3UTQFa5d1cTWRLWwLoGDP5u61WK8CdqE91+
+ vZbIWIp3PbY3HBRcSfHzckR8ji5EfbpN+cibMkMBQH7o1fRMQw==
+X-Google-Smtp-Source: AGRyM1tmRo+2c7x0jfxkS9pCWHQ1AwVAN3wxw9yk1zF6HB62gdXY36S1w9393yzHTiQTVZ+6isdBlW+D6D56sn/KWzg=
+X-Received: by 2002:a0c:9c48:0:b0:473:5e9e:741 with SMTP id
+ w8-20020a0c9c48000000b004735e9e0741mr9289663qve.63.1657585311087; Mon, 11 Jul
+ 2022 17:21:51 -0700 (PDT)
+MIME-Version: 1.0
+References: <CAHUJnBDYDbgr3C158o7c6_XXdG+kqJruFo=od_RmPFk_GS0udw@mail.gmail.com>
+ <CAMZUoKmN1Sj=C-asUKCB0hbe-V2fRMsFzNn6kcsJeigbnz3fgQ@mail.gmail.com>
+ <YsyX9Hjz4LU5otaT@petertodd.org> <YsycpTbb3IYpQ2I7@petertodd.org>
+In-Reply-To: <YsycpTbb3IYpQ2I7@petertodd.org>
+From: "Russell O'Connor" <roconnor@blockstream.com>
+Date: Mon, 11 Jul 2022 20:21:40 -0400
+Message-ID: <CAMZUoKmsCjpcU323_Nbw2UBkcqTmBc9+yd9i=QBZvDX-gdH_hw@mail.gmail.com>
+To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: multipart/alternative; boundary="000000000000a7181f05e390a76a"
+Subject: Re: [bitcoin-dev] Security problems with relying on transaction
+ fees for security
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.15
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Tue, 12 Jul 2022 00:21:56 -0000
+
+--000000000000a7181f05e390a76a
+Content-Type: text/plain; charset="UTF-8"
+
+Oops, you are right. We need the bribe to be the output of the coinbase,
+but due to the maturity rule, it isn't really a bribe.
+
+Too bad coinbases cannot take other coinbase outputs as inputs to bypass
+the maturity rule.
+
+I guess that means the bribe has to be by leaving transactions in the
+mempool.
+
+Also your point about centralization pressure is well taken.
+
+On Mon, Jul 11, 2022 at 5:56 PM Peter Todd <pete@petertodd.org> wrote:
+
+> On Mon, Jul 11, 2022 at 05:36:52PM -0400, Peter Todd via bitcoin-dev wrote:
+> > On Mon, Jul 11, 2022 at 04:35:02PM -0400, Russell O'Connor via
+> bitcoin-dev wrote:
+> > > > What happens after that I'm not sure.
+> > > >
+> > >
+> > > Miners will learn to create anyone-can-spend outputs to bribe other
+> miners
+> > > to build on their block rather than reorg it. (Due to the coinbase
+> > > maturity, this will require some amount of floating capital.)
+> >
+> > ...and that's a disaster for mining centralization, because the smaller
+> miners
+> > need to pay larger bribes than larger miners. Not to mention having to
+> keep
+> > capital around to do it.
+>
+> Also, note how from a practical point of view, we'll need to add a new
+> type of
+> tx that's only valid in a specific block, or other miners will just reorg
+> those
+> anyone-can-spend outputs to steal them. It's not all that trivial to
+> actually
+> do that... you'd have to have a signature that commits to the non-segwit
+> part
+> of the coinbase outputs. Ugh.
+>
+> --
+> https://petertodd.org 'peter'[:-1]@petertodd.org
+>
+
+--000000000000a7181f05e390a76a
+Content-Type: text/html; charset="UTF-8"
+Content-Transfer-Encoding: quoted-printable
+
+<div dir=3D"ltr"><div>Oops, you are right.=C2=A0 We need the bribe to be th=
+e output of the coinbase, but due to the maturity rule, it isn&#39;t really=
+ a bribe.</div><div><div><br></div><div>Too bad coinbases cannot take other=
+ coinbase outputs as inputs to bypass the maturity rule.</div><div><br></di=
+v></div><div>I guess that means the bribe has to be by leaving transactions=
+ in the mempool.</div><div><br></div><div>Also your point about centralizat=
+ion pressure is well taken.</div><div><br></div><div class=3D"gmail_quote">=
+<div dir=3D"ltr" class=3D"gmail_attr">On Mon, Jul 11, 2022 at 5:56 PM Peter=
+ Todd &lt;<a href=3D"mailto:pete@petertodd.org">pete@petertodd.org</a>&gt; =
+wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0=
+px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Mon, J=
+ul 11, 2022 at 05:36:52PM -0400, Peter Todd via bitcoin-dev wrote:<br>
+&gt; On Mon, Jul 11, 2022 at 04:35:02PM -0400, Russell O&#39;Connor via bit=
+coin-dev wrote:<br>
+&gt; &gt; &gt; What happens after that I&#39;m not sure.<br>
+&gt; &gt; &gt;<br>
+&gt; &gt; <br>
+&gt; &gt; Miners will learn to create anyone-can-spend outputs to bribe oth=
+er miners<br>
+&gt; &gt; to build on their block rather than reorg it.=C2=A0 (Due to the c=
+oinbase<br>
+&gt; &gt; maturity, this will require some amount of floating capital.)<br>
+&gt; <br>
+&gt; ...and that&#39;s a disaster for mining centralization, because the sm=
+aller miners<br>
+&gt; need to pay larger bribes than larger miners. Not to mention having to=
+ keep<br>
+&gt; capital around to do it.<br>
+<br>
+Also, note how from a practical point of view, we&#39;ll need to add a new =
+type of<br>
+tx that&#39;s only valid in a specific block, or other miners will just reo=
+rg those<br>
+anyone-can-spend outputs to steal them. It&#39;s not all that trivial to ac=
+tually<br>
+do that... you&#39;d have to have a signature that commits to the non-segwi=
+t part<br>
+of the coinbase outputs. Ugh.<br>
+<br>
+-- <br>
+<a href=3D"https://petertodd.org" rel=3D"noreferrer" target=3D"_blank">http=
+s://petertodd.org</a> &#39;peter&#39;[:-1]@<a href=3D"http://petertodd.org"=
+ rel=3D"noreferrer" target=3D"_blank">petertodd.org</a><br>
+</blockquote></div></div>
+
+--000000000000a7181f05e390a76a--
+