Date: Mon, 28 Dec 2015 21:35:59 -0800
From: Peter Todd <pete@petertodd.org>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20151229053559.GA8657@muck>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO"
Content-Disposition: inline
Subject: [bitcoin-dev] We can trivially fix quadratic CHECKSIG with a simple
 soft-fork modifying just SignatureHash()
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>


--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Occurred to me that this hasn't been mentioned before...

We can trivially fix the quadratic CHECK(MULTI)SIG execution time issue
by soft-forking in a limitation on just SignatureHash() to only return
true if the tx size is <100KB. (or whatever limit makes sense)

This fix has the advantage over schemes that limit all txs, or try to
count sigops, of being trivial to implement, while still allowing for a
future CHECKSIG2 soft-fork that properly fixes the quadratic hashing
issue; >100KB txs would still be technically allowed, it's just that
(for now) there'd be no way for them to spend coins that are
cryptographically secured.

For example, if we had an issue with a major miner exploiting
slow-to-propagate blocks(1) to harm their competitors, this simple fix
could be deployed as a soft-fork in a matter of days, stopping the
attack quickly.

1) www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03200.html

--=20
'peter'[:-1]@petertodd.org
0000000000000000094afcbbad10aa6c82ddd8aad102020e553d50a60b6c678f

--2oS5YaxWCcQjTEyO--
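
Added example, not part of the original message and not Bitcoin Core code: a simplified Python model of legacy signature hashing that counts the bytes hashed while validating every input of a transaction, with and without the size limit proposed above. The serialization, the 72/25/34-byte placeholder scripts and the reading of "100KB" as 100,000 bytes are assumptions made for illustration.

```python
import hashlib
import struct

MAX_SIGHASH_TX_SIZE = 100_000  # assumption: "<100KB" read as 100,000 bytes


def serialize(input_scripts, outputs):
    """Simplified layout (not the real wire format): input count, then per input
    a 36-byte outpoint, 4-byte script length, script, 4-byte sequence; then outputs."""
    parts = [struct.pack("<I", len(input_scripts))]
    for script in input_scripts:
        parts.append(bytes(36) + struct.pack("<I", len(script)) + script + bytes(4))
    return b"".join(parts) + outputs


def signature_hash(input_scripts, outputs, index, prev_script, limit=None):
    """Model of a legacy SIGHASH_ALL digest for one input.
    Returns (digest, bytes_hashed); digest is None when the size rule rejects."""
    if limit is not None and len(serialize(input_scripts, outputs)) >= limit:
        return None, 0  # proposed rule: fail before any hashing is done
    # Every input script is blanked except the one being signed, but all
    # outpoints and outputs are still hashed, once per signature check.
    blanked = [prev_script if i == index else b"" for i in range(len(input_scripts))]
    preimage = serialize(blanked, outputs) + struct.pack("<I", 1)
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest(), len(preimage)


def validation_cost(n_inputs, limit=None):
    """Check one signature hash per input of a constructed transaction.
    Returns (tx_size, total_bytes_hashed, all_inputs_hashable)."""
    scripts = [bytes(72)] * n_inputs   # constructed placeholder scriptSigs
    outputs = bytes(34)                # constructed single output
    total, ok = 0, True
    for i in range(n_inputs):
        digest, hashed = signature_hash(scripts, outputs, i, bytes(25), limit)
        ok = ok and digest is not None
        total += hashed
    return len(serialize(scripts, outputs)), total, ok


if __name__ == "__main__":
    for n in (100, 200, 1000):
        print(n, validation_cost(n), validation_cost(n, MAX_SIGHASH_TX_SIZE))
```

Doubling the inputs from 100 to 200 roughly quadruples the bytes hashed, while the 1000-input transaction (over the limit) costs no hashing at all under the rule because every signature check fails up front.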