1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
Return-Path: <braydon@purse.io>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id B661616F5
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Oct 2019 00:38:38 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com
[209.85.215.182])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5A3E034F
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Oct 2019 00:38:38 +0000 (UTC)
Received: by mail-pg1-f182.google.com with SMTP id d26so2733268pgl.7
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 03 Oct 2019 17:38:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purse.io; s=google;
h=to:from:subject:openpgp:autocrypt:message-id:date:user-agent
:mime-version:content-transfer-encoding:content-language;
bh=Ao/1XEWlQiiQA82lkUQFwpUgzFSbqIf57rvxc2XL4Pw=;
b=TQ7icnhXDwo+x0iOxVRIINgoMUOsMvuLW31i+5GLDARqM1Yt+cO/AIjUwZmGlEJYH6
BuZ7yHmOZVeW4c/k6Ldl8kZZqB4JLTlntpsH27daUtbaq7SMbk5hGq+wFLEc6HfDw4Ol
jAo3EjLg/1j21j0G3UrQ1+5qFWX8i2wD/9nQM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:to:from:subject:openpgp:autocrypt:message-id
:date:user-agent:mime-version:content-transfer-encoding
:content-language;
bh=Ao/1XEWlQiiQA82lkUQFwpUgzFSbqIf57rvxc2XL4Pw=;
b=MTCQXbqz8+dHLWY+6X6rHitHoylyXjTb39TTqLBzaj33w6GQYuaFQjo10OSRgJ7op2
6pCRYhLLIlaM2k2RcQZjImhIy5AZy/f7Tm3Q/v8rftZpuV/cMgNEpPuxDkdZbs0xz3Cq
z1uyrCIUzP/CZhCMYNdpQ/AbP8NNj9vl4qeeBYJDPfGVE//xAOGJWQB3Pkx07MsPddxX
715e+L0LLaPdg2YgEvb+vS3j/X1D46prfBvakMv3As+JUGZY5LPSu244oykkf/+1dwT2
drNkMFy2JzeMe2DaENIp+L6J1o/KfzgnFDBQoH8TdazbaLIofWeMn5ktWnUp5EzGgwbg
FUsQ==
X-Gm-Message-State: APjAAAXYV0jpZZ/YD6z+o0weGcpfOQnZPro8esR+tvRpndnp6iahC+W8
YbN0FF5mYlqCIhqJvwLEQOoYoQTf+xY=
X-Google-Smtp-Source: APXvYqyjW003irdLqAx8oxzxkptbk2zj1poPsPwr/bs5CTS114p1dOb06m3J22S4w3BA9oychXnulw==
X-Received: by 2002:aa7:818a:: with SMTP id g10mr14160759pfi.41.1570149517582;
Thu, 03 Oct 2019 17:38:37 -0700 (PDT)
Received: from [10.0.0.199] ([198.244.101.193])
by smtp.gmail.com with ESMTPSA id w10sm1972326pjq.3.2019.10.03.17.38.36
for <bitcoin-dev@lists.linuxfoundation.org>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 03 Oct 2019 17:38:36 -0700 (PDT)
To: bitcoin-dev@lists.linuxfoundation.org
From: Braydon Fuller <braydon@purse.io>
Openpgp: preference=signencrypt
Autocrypt: addr=braydon@purse.io; keydata=
xsFNBFsEkasBEAC4oPJQsFWAM0OjNJlYUxJbTV8bo1TgXwZdNZWewG6fvQQ+iGGImy/a5h10
/9V+/Ctio8ayAfpk6V3z/vxq8IdPVcsWccHLnguaAEEhYnKdGZfsohcQMO4LR63R6vPrUYUJ
ehVzt2YZ5F495iRDKwbQLXbmXF9vLtaKuf/6hbVmlG7bM59eVKcvpE8EKm95Lpw+CBE3uKc3
RxTcKHgo6QrkClm19GNDDkmHxM/k+hGT3M+sXGhgpL2940AGKsXuTPghgLQ+5seBWtzuWV31
Uf0ltHx6Ks1w0mlgZZ+u4wlljMHIBKLr4cYDOF8AYxyVcPzuQLdRjIIKEgpMDQW7ftbgGM/q
hgGg2mN036KTUfT1HkmT82Z3D3z4ACJ/bY/J+mJw0baqcJpezndd1M6dnDNF9Slst2Mr+Loe
JdN1tY5kk6/OWwAI5L15hmdiRWUBryJqun7sy23cmVPSOrtaIfl7/SEFJ+MuXbK53+mFGT2P
CpdRzV4MrKr9qbBaXkkhvEfoL2z6VwIFBprqZjthPHcHR8r6QSTpZdsD+7+qoq2o4MDUqP54
5a3kGI3l6VW767VE/NUIocyO7Z9D/EZOCk22ElTLTCzWm0JvxxGJoalebLQcGey/A9WWGOv/
ydwvTry3PWAzrrXNt43McHHwZXU4vSLnAtAxQy06Nt9wsWo+2QARAQABzSFCcmF5ZG9uIEZ1
bGxlciA8YnJheWRvbkBwdXJzZS5pbz7CwZcEEwEIAEECGwMFCwkIBwIGFQgJCgsCBBYCAwEC
HgECF4ACGQEWIQRbfcWNkP7B6ZCjELryTyMtEIs61AUCXL9UPwUJA5v2FAAKCRDyTyMtEIs6
1HOwEACedBLpkYrFeLANxD25USZunMt4KA58ZkY7Ap2m7KFcxjZD07YIjtxJyMLhHhMz6pR7
fF5BFHbl8CtAhpTuz5Sj9X3K0eilNsXvdx18+3RMUpFVAwlEEev707q6zNqKsRd1CG7e0k4o
28YAgwbt42UIPUoKTcEpT4C51sDa5d4NZsGnFcXeEdpBSQVi56vap0eJrQTSFpV0sG497HNN
p96ErrGpqlOkTofcBeytpQbhH9kbP58PMABwU3tmoMFhT0kklPPZatv7RDLmC8cra5muXEwd
wv7ggauHbMbV3U1xZ/BNPwHm7jO1ygqR6Q4Y98miRUP4yH9SJsnr+q7bpD4yOUy/qP0Ve0Y0
jFgX4e4DrnckO/2rG4lB2SbKiAWAOW5aGTnUAZt6agegXY62kHpuUHGcgYkeQqDWKLZWjFAA
vj8Gm5f+1thWk+4I0rFQBtaAoitd+qKPWFYSojjvKH4PLqoOV413qxZbrRlGxZb2TkJnxYpO
imOq/H6bHCnJUA8NI1v5rXmGQXfwhofMX9dHpGK864G+i59AX9L0EEQngDXZPlSEkyISaBY7
JFBhuIPcY8MrhUkNWl1G2RcssjHeexmo2qNrKH4bWFF7xCCTmdGUSoHzaHDe/cIqmI0aRkqf
HQ4MpadD8flLLMqV/ODYfpSD3AuwM/m8Uj9nvfnMRs7BTQRbBJGrARAA3+SVdBJUThjPx/J5
G4A1dd2vKVRRprW+pyJ0XDbNrRVOEnxr3okz2F4Htg72oULwsNcuCmgFxDlxIFMitzZAWbuL
fq9FR7snaW3PMlkj44eezq3emYXVv3C3lc6MudAOqkQKNzakyaA/6cNVlQnVmrpctpFHtUNi
oeivM9IeCP52scTH84qeRZofmnedc3FAxKMJ9OZi4Miigsd/DhzhUqbAePrCMlQQsM/HXSNs
2qoMK3Bo6lcHzV7qyI9w19tmFouX06ULnAAM1dJZcCUL31FLtaIrGbcXA+99a8dlOUb68rj9
9H3V3zDjJscDBgJ2mziuuS/naG/NK+RVhVh3KqtViC62nGgA1tS1aLKZ7KDeyzu4FiE2bCPh
6b4IlIQijzqwTyPJt+0Muf2FYxir9GwgMnVqJ/fYaT671RCcUrkq2krVzdHq/HX7A8Hyfftc
BMEt4yZJt/bZ7ryyWJ8PlQJP3HGqz+hpHmwrwmJgj5RbmktVMw3RAEipJrEHD1Q7wIhPNYpy
6FIwFlDxwpUQOUYGEZYww9LRZiapN0FeDcFp6CUMRgJH24ZQzFk8J5N4PAzZrIZfQba71bDA
z3902PDt66qiIiG2muTbd8eIeCzx9RxWhDmQclzXn5WxfPU6l0E9NgLNFoNCppLaTz2S/Gxw
ZzrSduMLfVlhKPDjv2EAEQEAAcLBZQQYAQIADwUCWwSRqwIbDAUJAeEzgAAKCRDyTyMtEIs6
1MLqD/9vMXLRhe5w6oBKuL0tj+ChLhkQEM66Q7O4urWmvl8yf/ThNi0/LydGAYawCUWud2ph
aOg4vH0IUvUhlLDRcYc2MdfwJi8aj8G7YC/OUKwwFDfYyY9zIk1C5yXn6LigkjOL0PyYI0MM
2gk64t/PK+Rny8jz6QjwZ4AMsoTpo698LSYS7LcvOETp+3yz0LYtkPP36FqoG2hudjh015Gk
DSIHWckot4TJXK8OOHOuKwUz2fteGsFeM4bmTiArCRXsAkRWo0VbA6hPinK0Zr/xLNSYIx94
IXe5q9ISZc6ceuWyisVsUZxUgJJGyNSvXXwx4zoSS7BXyTo7syjpKd09nhCL3QGfuHugJ/1/
DCaNtKUu2C+rUe1Ux6/qteCVUsAM+bDfDBQ/vS1tnyn9OVBTOZqXvChL4f+MAN2Wws/+Llxw
DqGMX6YC/ZBWM56XGApL1zj93nygxbN8s8yXqqMQNghTjwj9IqyaNQcKO/AslSmFlW6RXz1Y
RDT4mSKdAogbdDqmguGc05kUaOSkqSb0bL34iQ/dm4PyVxjSGSDRr8TQOjQGz0rSEh6Q+LZ9
zRltkmEMkdkyWQZ4tYsBbQv2TU+tCfKMIUCZ7xEHuvjAKZIms9Ers3zVS+PcRr9i6mvMtbNM
ufP9MwSx7PqsHuv/PWdoI3uwanxYzk1GTLALMsy2icLBfAQYAQIAJgIbDBYhBFt9xY2Q/sHp
kKMQuvJPIy0QizrUBQJcv1RFBQkDm/YaAAoJEPJPIy0QizrUjvoP/R6Wi8Ol1QiOWrxLZyL9
NYtU1Q+P46R8Q0d6gFRkrC9MKJlzaTRzPxdaWyJURnh1pXHbykB3/b6Bg/WN7o7Wips8KIhL
PzrNUiCZIsrBxUR29no7NzU6o7rSuu/9j5OfiyW/jViRJ3oi1jdYdFx7qx/56j1I54q6NHAk
i2AoG07RbXsRsh0x5vv4VIEFNwRRHmn/d185NTDeoVj9IanVhF6zna9M2iX3AgUOLovF7PiM
d/oF5XDwuzEDiBIorGi4WTqiCDjl7menb657af1DsPV68gKCiVFQNwfbawtUzUBasfaCFkR5
NuXWFqYN/305vlK/IN2GDPrwwOFsQK9pG4fYDDC5Pi9fy9wLrwtlebRuraLCHsiho8mYtEhM
QTU7oQwWga9Ax6BXbnStmX1kEev41CEEvnaVtqzuT0VKJjnre/7z8+bRC1tbqvN5CKTQ1k3d
5uwFqCBOxtoY6NLmYT37zFq34etKgpqCri6lEMtM57icMd4SPaADSXly/EyUTPbb/iGvQVOS
NFPpY30rTBA8rJJ5Iawe1OjG2dcYwKkFfGjGU7bbHp9ClG1d3YM7kDxVkgdIVAWhEY905HB4
KXQZd0eW19JjNwLVMNzgBh07BiaXl16tWY+P7pQdPrbLctiIVqsYx+IU74M7riDEMTGjsosr
lL56VCOJffiN9F1L
Message-ID: <42cd5ffd-63e8-b738-c4ea-13d0699b1268@purse.io>
Date: Thu, 3 Oct 2019 17:38:36 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Thunderbird/60.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 04 Oct 2019 02:03:45 +0000
Subject: [bitcoin-dev] Chain width expansion
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Oct 2019 00:38:38 -0000
Hi everyone,
We would like to share a paper for broad discussion, it is titled
"Bitcoin Chain Width Expansion Denial-of-Service Attacks".
From the abstract: The attacks leverage unprotected resources for a
denial-of-service by filling the disk and exhausting the CPU with
unnecessary header and block data. This forces the node to halt
operation. The attack difficulty ranges from difficult to easy. There
are currently limited guards for some of the attacks that require
checkpoints to be enabled. This paper describes a solution that does not
require enabling or maintaining checkpoints and provides improved security.
As the checkpoints in Bitcoin Core have not been maintained or updated
since mid 2014, this is especially relevant. Bitcoin Core implements
headers-first synchronization, since 2014, that provides the base for
the further improvements upon that design.
The paper is available at:
https://bcoin.io/papers/bitcoin-chain-expansion.pdf
The proposed solution has been implemented in Bcoin and is available at:
https://github.com/bcoin-org/bcoin/tree/chain-expansion
Best,
Braydon Fuller
|