summaryrefslogtreecommitdiff
path: root/9c/12c143d9b118364390466824bcecd526f8af5c
blob: c95ce8385396d41c29de802614dcf42d9423faad (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <gcbd-bitcoin-development@m.gmane.org>)
	id 1RhtLm-0002FY-ES for bitcoin-development@lists.sourceforge.net;
	Tue, 03 Jan 2012 01:39:38 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of m.gmane.org
	designates 80.91.229.12 as permitted sender)
	client-ip=80.91.229.12;
	envelope-from=gcbd-bitcoin-development@m.gmane.org;
	helo=lo.gmane.org; 
Received: from lo.gmane.org ([80.91.229.12])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1RhtLk-0003DN-VW for bitcoin-development@lists.sourceforge.net;
	Tue, 03 Jan 2012 01:39:38 +0000
Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <gcbd-bitcoin-development@m.gmane.org>)
	id 1RhtLZ-0008W7-2X for bitcoin-development@lists.sourceforge.net;
	Tue, 03 Jan 2012 02:39:25 +0100
Received: from 169.229.3.184 ([169.229.3.184])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00 for <bitcoin-development@lists.sourceforge.net>;
	Tue, 03 Jan 2012 02:39:25 +0100
Received: from tyrell.elden by 169.229.3.184 with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00 for <bitcoin-development@lists.sourceforge.net>;
	Tue, 03 Jan 2012 02:39:25 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: bitcoin-development@lists.sourceforge.net
From: Elden Tyrell <tyrell.elden@gmail.com>
Date: Mon, 2 Jan 2012 17:39:09 -0800
Message-ID: <jdtm7t$4ed$1@dough.gmane.org>
References: <jdrds3$3tf$1@dough.gmane.org>
	<CAAS2fgTOZKM9c=UvfVW1rajnPQVQMNS4mR5KUqq8p0HreG=vuQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: 169.229.3.184
User-Agent: Unison/2.1.6
X-Spam-Score: -0.7 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(tyrell.elden[at]gmail.com)
	-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
	0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
	CUSTOM_MED
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.9 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
	-1.3 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain 1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit,
	and not from a mailing list
X-Headers-End: 1RhtLk-0003DN-VW
Subject: Re: [Bitcoin-development] does "stubbing" off Merkle trees reduce
	initial download bandwidth?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 01:39:38 -0000

On 2012-01-02 14:41:10 -0800, Gregory Maxwell said:
> make this possible: https://bitcointalk.org/index.php?topic=21995.0

Neat!  I had a similar idea but you've clearly beat me to [a big part of] it.


> Er, no—  if a node controls the private keys for a transaction, and
> that transaction makes it into the chain then it can safely assume
> that its unspent (at least once its buried a few blocks into the
> chain).

I'm not so sure about that.  If you accept X successor blocks as proof 
that none of the transactions in a block re-used an output, then the 
cost of attacking is X*50BTC since the hashpower needed for the attack 
could have earned that much reward.

However, an attacker could use the same faked X-block sequence to 
attack multiple clients by putting several double-spend transactions in 
the first faked block.  This would spread out the cost over more than 
one attack.  So simply checking that the value of the transaction is 
less than X*50 isn't necessarily enough, although the logistics of the 
attack aren't exactly easy.

There's also the question of knowing what the difficulty for those X 
blocks ought to be.  If the attacker controls your network connection 
(e.g. your ISP attacks you) you wouldn't be able to get a second 
opinion on how high the difficulty ought to be, and might get fooled by 
X very-low-difficulty blocks that were each produced with a lot less 
than 50BTC worth of hashpower.

  - e