Return-Path: <user@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id A8F2E17B9
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat,  9 Jun 2018 12:51:06 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from outmail149080.authsmtp.com (outmail149080.authsmtp.com
	[62.13.149.80])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 07D6A604
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat,  9 Jun 2018 12:51:05 +0000 (UTC)
Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247])
	by punt24.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w59Cp3ig031208;
	Sat, 9 Jun 2018 13:51:03 +0100 (BST)
	(envelope-from user@petertodd.org)
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
	[52.5.185.120]) (authenticated bits=0)
	by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w59Cp0jW046505
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); 
	Sat, 9 Jun 2018 13:51:01 +0100 (BST)
	(envelope-from user@petertodd.org)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by petertodd.org (Postfix) with ESMTPSA id 6F53A400FB;
	Sat,  9 Jun 2018 12:51:00 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000)
	id A2ECE22043; Sat,  9 Jun 2018 08:50:58 -0400 (EDT)
Date: Sat, 9 Jun 2018 08:50:58 -0400
From: Peter Todd <pete@petertodd.org>
To: Sergio Demian Lerner <sergio.d.lerner@gmail.com>
Message-ID: <20180609125058.sk3rdoyl7li73qdo@petertodd.org>
References: <20180607171311.6qdjohfuuy3ufriv@petertodd.org>
	<CAHUJnBB7UL3mH6SixP_M4yooMVP3DgZa+5hiQOmF=AiqfdpfOg@mail.gmail.com>
	<20180607222028.zbva4vrv64dzrmxy@petertodd.org>
	<CAHUJnBCj8wnjP1=jobfpg7jkfjkX9iSBLeeAOyQCpobh6-AhUA@mail.gmail.com>
	<CAKzdR-paqYgOxToikaVD=0GMsCjHBaynX3WgB-CN6Sn7B7kRXw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="aq2kv5qp3v6gcggu"
Content-Disposition: inline
In-Reply-To: <CAKzdR-paqYgOxToikaVD=0GMsCjHBaynX3WgB-CN6Sn7B7kRXw@mail.gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
X-Server-Quench: c3c18aaa-6be3-11e8-8791-0015176ca198
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZIVwkA IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdgsUEkAaAgsB Am4bWldeVVx7WWE7 bghPaBtcak9QXgdq
	T0pMXVMcUwBhclwB XHkeVh93dwAIcXdy ZAgxXSNaVBUrJFt7
	EBtXCGwHMG99YGcW UV1YdwJRcQRMLU5E Y1gxNiYHcQ5VPz4z
	GA41ejw8IwAXFD5I WR0AIRoXTFwIGjN0 WwoPEH0jEFUZR209
	KAZuMVcSEQ4NIg0z N1AlREkZNBlwQhVE GEZDG2dGJkUBQDc3
	RQoSRkkQDHVTRj1f agAA
X-Authentic-SMTP: 61633532353630.1038:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 52.5.185.120/25
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
	autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion
 proofs without a soft fork
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jun 2018 12:51:06 -0000


--aq2kv5qp3v6gcggu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jun 09, 2018 at 01:03:53PM +0200, Sergio Demian Lerner wrote:
> Hi Peter,
> We reported this as CVE-2017-12842, although it may have been known by
> developers before us.

It's been known so long ago that I incorrectly thought the attack was ok to
discuss in public; I had apparently incorrectly remembered a conversation I=
 had
with Greg Maxwell over a year ago where I thought he said it was fine to
discuss because it was well known.

My apologies to anyone who thinks my post was jumping the gun by discussing
this in public; cats out of the bag now anyway.

> There are hundreds of SPV wallets out there, without even considering oth=
er
> more sensitive systems relying on SPV proofs.
> As I said we, at RSK, discovered this problem in 2017. For RSK it's very
> important this is fixed because our SPV bridge uses SPV proofs.
> I urge all people participating in this mailing list and the rest of the
> Bitcoin community to work on this issue for the security and clean-design
> of Bitcoin.

My post is arguing that we *don't* need to fix the attack, because we can m=
ake
pruned nodes invulerable to it while retaining the ability to verify merkle
path tx inclusion proofs.

As for SPV, there is no attack to fix: they can be attacked at much lower c=
ost
by simply generating fake blocks.

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--aq2kv5qp3v6gcggu
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEFcyURjhyM68BBPYTJIFAPaXwkfsFAlsbzS8ACgkQJIFAPaXw
kfsaSQf/T3IEcE4yl4Xna/Su70C7y1jOCHK2wTLK/Zd4xwm2GwRUutmEthDwcDHp
JJNgNMd9bkBQqXPTlWlnL602nXurLfyGfwoi9GG7Kg27vfqaFtod/nD/uKlUf4I4
Gep6J4mCGu0tAT3J0wG2rmAzWetXfgYCahvc12rsnWop1/kRDGuzmWHQPR6C0Nwx
DoIESSNArAJedP+ACdQ5vLhgYKjlPzilVD9sql8egxKolE7Mx4E2XuqZVdCaHPfi
+smO/lS82umXzoCXQcaoz3JfBVG45Tsl4+Czt//Wmn+d47B/h7k7M9KZMKycRGCf
V7dkzOlRlGkEypNarMY0T2d56Xq18Q==
=SFsE
-----END PGP SIGNATURE-----

--aq2kv5qp3v6gcggu--