Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 580661765 for ; Fri, 11 Oct 2019 21:24:30 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BB88514D for ; Fri, 11 Oct 2019 21:24:29 +0000 (UTC) Received: by mail-pg1-f179.google.com with SMTP id y35so6507693pgl.1 for ; Fri, 11 Oct 2019 14:24:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purse.io; s=google; h=to:references:from:openpgp:autocrypt:subject:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=7p2R1NfQe0UVDFHYw8adG2volXQw6XHhr9jt/CnDNg4=; b=VvnP3hetUUootStMJlOM8BOxsKBWjIAHfWt9EhjKHNfuxgwE2/iDi1j9/TURuNNHdC PxIy8tJDPyT6e6EN5EsQ2lnIIIr8Zjqf3ZPeFmN5yr3WT5+Nh3YfuONiKJXcYG3nRWRn fqk6SWa+lKMM28f9SUFkXJffVljFaz4bGMraE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:references:from:openpgp:autocrypt:subject :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding:content-language; bh=7p2R1NfQe0UVDFHYw8adG2volXQw6XHhr9jt/CnDNg4=; b=YStsrVD4wbDKiqS5m2a8FOBoIf/ROYSqQQ0A6f+a1cuyylfH0UvDgeScwjBfElV7Qz FJrIjlk6vobi/GEmpVMsBglOHJdfUNPrpwR2Ra3bGykB3iMhwNxoRYyvLkCJaQgiyv+l bQwzy9cwB/zwB12zmnh1K9eHwnFqbZQJpv9z6spqTzRzell7M3L845BBlOOGlDoJeJzg IeiJWRL2pwVeuPUzPzoQh2Q9w9ctW1pGSBsRUjvy9KV8efzafj4mcruVkCuMUSdSJg3x dn26ERKluVYUpB5yK0aIxwVAPJUvaLFImgCib40WFmiMszWPbmsUhHTsl/wlujBo4z/d rduQ== X-Gm-Message-State: APjAAAXI0SViM0uSYvRFvlqOMIswJav8L5yjbBMoCSehEzfaAdowbfQ5 6LbN+lKoFNH90tPCqm0NIz/JM8QgVZU= X-Google-Smtp-Source: APXvYqyn1hJKOvTJ3TGnTI7I01nD9Ww4TGVdKRE2Tn0QF/W0Zod9S7bUVVOzh/jlEBcV92KfJ6YFyg== X-Received: by 2002:a65:62d2:: with SMTP id m18mr18742097pgv.117.1570829068768; Fri, 11 Oct 2019 14:24:28 -0700 (PDT) Received: from [10.0.0.199] ([198.244.101.193]) by smtp.gmail.com with ESMTPSA id e192sm14313323pfh.83.2019.10.11.14.24.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Oct 2019 14:24:28 -0700 (PDT) To: "David A. Harding" , Bitcoin Protocol Discussion References: <42cd5ffd-63e8-b738-c4ea-13d0699b1268@purse.io> <20191004082031.ns3pgzwh2zz2mxyc@ganymede> From: Braydon Fuller Openpgp: preference=signencrypt Autocrypt: addr=braydon@purse.io; keydata= xsFNBFsEkasBEAC4oPJQsFWAM0OjNJlYUxJbTV8bo1TgXwZdNZWewG6fvQQ+iGGImy/a5h10 /9V+/Ctio8ayAfpk6V3z/vxq8IdPVcsWccHLnguaAEEhYnKdGZfsohcQMO4LR63R6vPrUYUJ ehVzt2YZ5F495iRDKwbQLXbmXF9vLtaKuf/6hbVmlG7bM59eVKcvpE8EKm95Lpw+CBE3uKc3 RxTcKHgo6QrkClm19GNDDkmHxM/k+hGT3M+sXGhgpL2940AGKsXuTPghgLQ+5seBWtzuWV31 Uf0ltHx6Ks1w0mlgZZ+u4wlljMHIBKLr4cYDOF8AYxyVcPzuQLdRjIIKEgpMDQW7ftbgGM/q hgGg2mN036KTUfT1HkmT82Z3D3z4ACJ/bY/J+mJw0baqcJpezndd1M6dnDNF9Slst2Mr+Loe JdN1tY5kk6/OWwAI5L15hmdiRWUBryJqun7sy23cmVPSOrtaIfl7/SEFJ+MuXbK53+mFGT2P CpdRzV4MrKr9qbBaXkkhvEfoL2z6VwIFBprqZjthPHcHR8r6QSTpZdsD+7+qoq2o4MDUqP54 5a3kGI3l6VW767VE/NUIocyO7Z9D/EZOCk22ElTLTCzWm0JvxxGJoalebLQcGey/A9WWGOv/ ydwvTry3PWAzrrXNt43McHHwZXU4vSLnAtAxQy06Nt9wsWo+2QARAQABzSFCcmF5ZG9uIEZ1 bGxlciA8YnJheWRvbkBwdXJzZS5pbz7CwZcEEwEIAEECGwMFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4ACGQEWIQRbfcWNkP7B6ZCjELryTyMtEIs61AUCXL9UPwUJA5v2FAAKCRDyTyMtEIs6 1HOwEACedBLpkYrFeLANxD25USZunMt4KA58ZkY7Ap2m7KFcxjZD07YIjtxJyMLhHhMz6pR7 fF5BFHbl8CtAhpTuz5Sj9X3K0eilNsXvdx18+3RMUpFVAwlEEev707q6zNqKsRd1CG7e0k4o 28YAgwbt42UIPUoKTcEpT4C51sDa5d4NZsGnFcXeEdpBSQVi56vap0eJrQTSFpV0sG497HNN p96ErrGpqlOkTofcBeytpQbhH9kbP58PMABwU3tmoMFhT0kklPPZatv7RDLmC8cra5muXEwd wv7ggauHbMbV3U1xZ/BNPwHm7jO1ygqR6Q4Y98miRUP4yH9SJsnr+q7bpD4yOUy/qP0Ve0Y0 jFgX4e4DrnckO/2rG4lB2SbKiAWAOW5aGTnUAZt6agegXY62kHpuUHGcgYkeQqDWKLZWjFAA vj8Gm5f+1thWk+4I0rFQBtaAoitd+qKPWFYSojjvKH4PLqoOV413qxZbrRlGxZb2TkJnxYpO imOq/H6bHCnJUA8NI1v5rXmGQXfwhofMX9dHpGK864G+i59AX9L0EEQngDXZPlSEkyISaBY7 JFBhuIPcY8MrhUkNWl1G2RcssjHeexmo2qNrKH4bWFF7xCCTmdGUSoHzaHDe/cIqmI0aRkqf HQ4MpadD8flLLMqV/ODYfpSD3AuwM/m8Uj9nvfnMRs7BTQRbBJGrARAA3+SVdBJUThjPx/J5 G4A1dd2vKVRRprW+pyJ0XDbNrRVOEnxr3okz2F4Htg72oULwsNcuCmgFxDlxIFMitzZAWbuL fq9FR7snaW3PMlkj44eezq3emYXVv3C3lc6MudAOqkQKNzakyaA/6cNVlQnVmrpctpFHtUNi oeivM9IeCP52scTH84qeRZofmnedc3FAxKMJ9OZi4Miigsd/DhzhUqbAePrCMlQQsM/HXSNs 2qoMK3Bo6lcHzV7qyI9w19tmFouX06ULnAAM1dJZcCUL31FLtaIrGbcXA+99a8dlOUb68rj9 9H3V3zDjJscDBgJ2mziuuS/naG/NK+RVhVh3KqtViC62nGgA1tS1aLKZ7KDeyzu4FiE2bCPh 6b4IlIQijzqwTyPJt+0Muf2FYxir9GwgMnVqJ/fYaT671RCcUrkq2krVzdHq/HX7A8Hyfftc BMEt4yZJt/bZ7ryyWJ8PlQJP3HGqz+hpHmwrwmJgj5RbmktVMw3RAEipJrEHD1Q7wIhPNYpy 6FIwFlDxwpUQOUYGEZYww9LRZiapN0FeDcFp6CUMRgJH24ZQzFk8J5N4PAzZrIZfQba71bDA z3902PDt66qiIiG2muTbd8eIeCzx9RxWhDmQclzXn5WxfPU6l0E9NgLNFoNCppLaTz2S/Gxw ZzrSduMLfVlhKPDjv2EAEQEAAcLBZQQYAQIADwUCWwSRqwIbDAUJAeEzgAAKCRDyTyMtEIs6 1MLqD/9vMXLRhe5w6oBKuL0tj+ChLhkQEM66Q7O4urWmvl8yf/ThNi0/LydGAYawCUWud2ph aOg4vH0IUvUhlLDRcYc2MdfwJi8aj8G7YC/OUKwwFDfYyY9zIk1C5yXn6LigkjOL0PyYI0MM 2gk64t/PK+Rny8jz6QjwZ4AMsoTpo698LSYS7LcvOETp+3yz0LYtkPP36FqoG2hudjh015Gk DSIHWckot4TJXK8OOHOuKwUz2fteGsFeM4bmTiArCRXsAkRWo0VbA6hPinK0Zr/xLNSYIx94 IXe5q9ISZc6ceuWyisVsUZxUgJJGyNSvXXwx4zoSS7BXyTo7syjpKd09nhCL3QGfuHugJ/1/ DCaNtKUu2C+rUe1Ux6/qteCVUsAM+bDfDBQ/vS1tnyn9OVBTOZqXvChL4f+MAN2Wws/+Llxw DqGMX6YC/ZBWM56XGApL1zj93nygxbN8s8yXqqMQNghTjwj9IqyaNQcKO/AslSmFlW6RXz1Y RDT4mSKdAogbdDqmguGc05kUaOSkqSb0bL34iQ/dm4PyVxjSGSDRr8TQOjQGz0rSEh6Q+LZ9 zRltkmEMkdkyWQZ4tYsBbQv2TU+tCfKMIUCZ7xEHuvjAKZIms9Ers3zVS+PcRr9i6mvMtbNM ufP9MwSx7PqsHuv/PWdoI3uwanxYzk1GTLALMsy2icLBfAQYAQIAJgIbDBYhBFt9xY2Q/sHp kKMQuvJPIy0QizrUBQJcv1RFBQkDm/YaAAoJEPJPIy0QizrUjvoP/R6Wi8Ol1QiOWrxLZyL9 NYtU1Q+P46R8Q0d6gFRkrC9MKJlzaTRzPxdaWyJURnh1pXHbykB3/b6Bg/WN7o7Wips8KIhL PzrNUiCZIsrBxUR29no7NzU6o7rSuu/9j5OfiyW/jViRJ3oi1jdYdFx7qx/56j1I54q6NHAk i2AoG07RbXsRsh0x5vv4VIEFNwRRHmn/d185NTDeoVj9IanVhF6zna9M2iX3AgUOLovF7PiM d/oF5XDwuzEDiBIorGi4WTqiCDjl7menb657af1DsPV68gKCiVFQNwfbawtUzUBasfaCFkR5 NuXWFqYN/305vlK/IN2GDPrwwOFsQK9pG4fYDDC5Pi9fy9wLrwtlebRuraLCHsiho8mYtEhM QTU7oQwWga9Ax6BXbnStmX1kEev41CEEvnaVtqzuT0VKJjnre/7z8+bRC1tbqvN5CKTQ1k3d 5uwFqCBOxtoY6NLmYT37zFq34etKgpqCri6lEMtM57icMd4SPaADSXly/EyUTPbb/iGvQVOS NFPpY30rTBA8rJJ5Iawe1OjG2dcYwKkFfGjGU7bbHp9ClG1d3YM7kDxVkgdIVAWhEY905HB4 KXQZd0eW19JjNwLVMNzgBh07BiaXl16tWY+P7pQdPrbLctiIVqsYx+IU74M7riDEMTGjsosr lL56VCOJffiN9F1L Message-ID: <69e6c777-ae56-0f33-85a6-84108a38e1ab@purse.io> Date: Fri, 11 Oct 2019 14:24:27 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20191004082031.ns3pgzwh2zz2mxyc@ganymede> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sat, 12 Oct 2019 01:30:49 +0000 Subject: Re: [bitcoin-dev] Chain width expansion X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2019 21:24:30 -0000 On 10/4/19 1:20 AM, David A. Harding wrote: > On Thu, Oct 03, 2019 at 05:38:36PM -0700, Braydon Fuller via bitcoin-de= v wrote: >> This paper describes a solution [to DoS attacks] that does not >> require enabling or maintaining checkpoints and provides improved secu= rity. >> [...]=20 >> The paper is available at: >> https://bcoin.io/papers/bitcoin-chain-expansion.pdf > Hi Braydon, > > Thank you for researching this important issue. An alternative solutio= n > proposed some time ago (I believe originally by Gregory Maxwell) was a > soft fork to raise the minimum difficulty. You can find discussion of > it in various old IRC conversations[1,2] as well as in related changes > to Bitcoin Core such as PR #9053 addining minimum chain work[3] and the= > assumed-valid change added in Bitcoin Core 0.14.0[4]. > > [1] http://www.erisian.com.au/meetbot/bitcoin-core-dev/2016/bitcoin-cor= e-dev.2016-10-27-19.01.log.html#l-121 > [2] http://www.erisian.com.au/meetbot/bitcoin-core-dev/2017/bitcoin-cor= e-dev.2017-03-02-19.01.log.html#l-57 > [3] https://github.com/bitcoin/bitcoin/pull/9053/commits/fd46136dfaf68a= 7046cf7b8693824d73ac6b1caf > [4] https://bitcoincore.org/en/2017/03/08/release-0.14.0/#assumed-valid= -blocks > Okay, here is an overview of what I have found for the minimum difficulty proposal: It describes having a new consensus rule to not fork or accept headers prior to, or below, a minimum difficulty once the best chain work is achieved at release time of the software. This would be instead of the rule to not fork before the last checkpoint, as checkpoints are removed. It has an advantage to the existing checkpoint solution as it does not require checkpoints to be enabled. This is not a surprise as the proposal was to remove checkpoints entirely. It would increase the cost of the attack without checkpoints. Long header chains would need to be built using this minimum difficulty, instead of the current lowest difficulty of the genesis block. The exact cost of that is not yet calculated. There are a few caveats with the approach mentioned; nodes are vulnerable if the initial loader peer is the attacker, it could leave minority hashpower without an ability to softfork away during a contentious hardfork, and requires period consensus changes to continue to maintain: =C2=A0 - Nodes are vulnerable during the initial sync when joining the network until the minimum chainwork is achieved. This is possible if the loader peer is the attacker. To mitigate this there would need to be a minimum chainwork defined based on the current chainwork. However, such could also be used to prevent nodes from joining the network as it's rejecting rather that throttling. =C2=A0 - A contentious hardfork could leave a minority hashpower without = an ability to softfork away without agreeing on a hardfork. This was the reason why the minimum difficulty was about 10 devices instead of 10,000.= =C2=A0 - It's technically a consensus change each time the minimum diffic= ulty or best chainwork is updated. It is a similar consensus change as maintaining the last checkpoint, as it's used to prevent forking prior to the last checkpoint. I think the solution proposed in the Bitcoin Chain Width Expansion paper solves those issues by limiting chain width and throttling based on chainwork, instead of rejecting blocks based on the minimum difficulty.