Date: Wed, 15 May 2013 07:38:27 -0400
From: Peter Todd <pete@petertodd.org>
To: Bitcoin-Dev <bitcoin-development@lists.sourceforge.net>
Message-ID: <20130515113827.GB26020@savin>
Subject: [Bitcoin-development] 2BTC reward for making probabilistic double-spending via conflicting transactions easy

Now that I have the replace-by-fee reward, I might as well spread the
wealth a bit.

So for all this discussion about replace-by-fee and the supposed
security of zero-conf transactions, no-one seems to think much about how
in practice very few vendors have a setup to detect if conflicting
transactions were broadcast on the network simultaneously - after all if
that is the case which transaction gets mined is up to chance, so much
of the time you'll get away with a double spend. We don't yet have a
mechanism to propagate double-spend warnings, and funny enough, in the
case of a single txin transaction the double-spend warning is also
enough information to allow miners to implement replace-by-fee.

So I'm offering 2BTC for anyone who comes up with a nice and easy to use
command line tool that lets you automagically create one version of the
transaction sending the coins to the desired recipient, and another
version sending all the coins back to you, both with the same
transaction inputs. In addition to creating the two versions, you need
to find a way to broadcast them both simultaneously to different nodes
on the network. One clever approach might be to use blockchain.info's
raw transaction POST API, and your local Bitcoin node.

If you happen to be at the conference, a cool demo would be to
demonstrate the attack against my Android wallet. I'll buy Bitcoins off
of you at Mt. Gox rates + %10, and you can see if you can rip me off.
Yes, you can keep the loot. :) This should be videotaped so we can put
an educational video on youtube after.

-- 
'peter'[:-1]@petertodd.org
00000000000000bafd0a55f013e058cc2a672ee0c66b9265a02390d80e4748f5
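
The detection gap the message describes, a vendor seeing only one of two conflicting transactions, can be closed on the receiving side by merging what several peers relay and grouping transactions by the outpoints they spend. This is an added example, not part of the original message; the `Seen` record, the peer names and the transaction ids are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Seen(NamedTuple):
    peer: str      # connection that relayed the transaction (assumed label)
    txid: str
    inputs: tuple  # outpoints spent: ((prev_txid, vout), ...)


def find_conflicts(observations):
    """Map each outpoint spent by more than one distinct txid to those txids."""
    spenders = defaultdict(set)
    for obs in observations:
        for outpoint in obs.inputs:
            spenders[outpoint].add(obs.txid)
    # The same txid relayed by several peers is one spender, not a conflict.
    return {op: sorted(t) for op, t in spenders.items() if len(t) > 1}


def payment_status(txid, observations):
    """Classify an unconfirmed payment as seen through the given observations."""
    mine = [o for o in observations if o.txid == txid]
    if not mine:
        return "unseen"
    conflicts = find_conflicts(observations)
    if any(op in conflicts for o in mine for op in o.inputs):
        return "conflicted"
    # Absence of a conflict is not proof: another version may simply not
    # have reached any peer we are connected to yet.
    return "no-conflict-seen"


# Constructed sample: one coin spent by two different transactions that
# were relayed by different peers, plus an unrelated payment.
COIN = ("aa" * 32, 0)
OTHER = ("bb" * 32, 1)
OBSERVED = [
    Seen("peer-A", "tx-pay-merchant", (COIN,)),
    Seen("peer-B", "tx-pay-merchant", (COIN,)),
    Seen("peer-C", "tx-back-to-sender", (COIN,)),
    Seen("peer-A", "tx-unrelated", (OTHER,)),
]

if __name__ == "__main__":
    only_a = [o for o in OBSERVED if o.peer == "peer-A"]
    print("single peer:", payment_status("tx-pay-merchant", only_a))
    print("merged view:", payment_status("tx-pay-merchant", OBSERVED))
    print("conflicts:  ", find_conflicts(OBSERVED))
```

A wallet listening on a single connection reports no conflict for the same payment that the merged view flags, which is why the number and diversity of peers matter for this check.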