From: Tao Effect <contact@taoeffect.com>
Date: Tue, 6 Jun 2017 16:19:39 -0700
To: Luke Dashjr <luke@dashjr.org>
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable

> Replay is a solved problem.

Point to this solved problem?

Your "solution" here is not a solution:

https://www.reddit.com/r/Bitcoin/comments/6f1urd/i_think_its_time_we_have_an_educated_discussion/diey21t/?context=3

> This is nothing but unfounded FUD. It is very simple to implement and
> guaranteed to work eventually. It may be time consuming, but that is the only
> truth here. The only risk is that of a long reorg, the same as double spend
> attacks.

Let's assume you invented a simple way to double-spend txns to self (which you haven't, fyi), then that is an issue in and of itself as the point of bitcoin is to *prevent* double-spending to self.

There would need to be much more time for the community to discuss the implications of wallets having a "double-spend to self" button in them.

> What kind of "fungibility" does this FUD claim it destroys? Destroying cross-
> chain fungibility is the very *intent* of replay protection. And it does not
> destroy same-chain fungibility any more than any other miner spending.

Yes it does destroy same-chain fungibility, as discussed on twitter [1], you're making miner coins special on both chains.

> Lack of replay protection does not mean there is no coin.

It effectively does. If people want to proceed blindly, ignoring replay, they're welcome to read about the consequences [2].

[1] https://twitter.com/taoeffect/status/872226556571131905
[2] http://gist.github.com/taoeffect/c910ebb16d9f6d248e9f1f3c6e10b1b8

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

> On Jun 6, 2017, at 4:08 PM, Luke Dashjr <luke@dashjr.org> wrote:
>
> On Tuesday 06 June 2017 10:39:28 PM Tao Effect via bitcoin-dev wrote:
>> I believe the severity of replay attacks is going unvoiced and is not
>> understood within the bitcoin community because of their lack of
>> experience with them.
>
> Replay is a solved problem. It can be improved on and made simpler, but at
> this point, replay only occurs when the sender is either negligent or
> intending it.
>
>> Both of the coin-splitting techniques given so far by the proponents of BIP148
>> are also untenable:
>>
>> - Double-spending to self with nLockTime txns is insanely complicated,
>> risky, not guaranteed to work, extremely time consuming, and would likely
>> result in a massive increase in backlogged transactions and increased
>> fees.
>
> This is nothing but unfounded FUD. It is very simple to implement and
> guaranteed to work eventually. It may be time consuming, but that is the only
> truth here. The only risk is that of a long reorg, the same as double spend
> attacks.
>
>> - Mixing with 148 coinbase txns destroys fungibility.
>
> What kind of "fungibility" does this FUD claim it destroys? Destroying cross-
> chain fungibility is the very *intent* of replay protection. And it does not
> destroy same-chain fungibility any more than any other miner spending.
>
>> Without a coin, there is no real threat from BIP148.
>
> Lack of replay protection does not mean there is no coin. Replay protection is
> equally a concern for the main (BIP148) chain and any legacy chains malicious
> miners might choose to split off. And none of this changes the fact that such
> miners will be unable to sell their legacycoins at Bitcoin market prices,
> because whether other transactions are replayed or not, *their* coins won't be
> valid on the main chain.
>
> Luke