Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YaqtM-0002Uu-Rl for bitcoin-development@lists.sourceforge.net; Wed, 25 Mar 2015 19:23:04 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.171 as permitted sender) client-ip=209.85.223.171; envelope-from=gmaxwell@gmail.com; helo=mail-ie0-f171.google.com; Received: from mail-ie0-f171.google.com ([209.85.223.171]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YaqtM-0001Qk-1j for bitcoin-development@lists.sourceforge.net; Wed, 25 Mar 2015 19:23:04 +0000 Received: by iecvj10 with SMTP id vj10so30283028iec.0 for ; Wed, 25 Mar 2015 12:22:58 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.107.31.14 with SMTP id f14mr15788835iof.28.1427311378806; Wed, 25 Mar 2015 12:22:58 -0700 (PDT) Received: by 10.107.6.133 with HTTP; Wed, 25 Mar 2015 12:22:58 -0700 (PDT) In-Reply-To: <551301F0.9020806@thinlink.com> References: <55121611.1030104@thinlink.com> <551301F0.9020806@thinlink.com> Date: Wed, 25 Mar 2015 19:22:58 +0000 Message-ID: From: Gregory Maxwell To: Tom Harding Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YaqtM-0001Qk-1j Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Address Expiration to Prevent Reuse X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Mar 2015 19:23:04 -0000 On Wed, Mar 25, 2015 at 6:44 PM, Tom Harding wrote: > Is this assuming payment protocol? A major benefit of address > expiration, if it works, would be that it works without requiring > payment protocol. Not at all. > Are you suggesting there is no implementation of address expiration that > wouldn't allow the string to be trivially changed by the sender? The sender is always able to intentionally hide their payment under a rock-- There is no encoding that can prevent that. The defense against that is to not accept payments not made according to the payees specification. > I don't understand, explanation would be appreciated. To reject reused scriptPubKeys you must remember past scriptPubkeys in order to test against them. For illustration purposes imagine a bitcoin system where there is only a single base unit available for trade. Verification of that chain requires O(1) storage (the identity of the current chain tip, and the identity of the spendable coin.). Verification with duplicate elimination requires O(N) storage (with N being the length of the history), since you need to track all the duplicates to reject. (The same is true for actual Bitcoin as well, though the constant factors make the difference somewhat less stark.)