1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
|
Return-Path: <contact@taoeffect.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 77366B6B
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 6 Jun 2017 23:31:21 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from homiemail-a38.g.dreamhost.com (homie.mail.dreamhost.com
[208.97.132.208])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BD2A615B
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 6 Jun 2017 23:31:20 +0000 (UTC)
Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1])
by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id A1CF510AFBE;
Tue, 6 Jun 2017 16:31:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h=
content-type:mime-version:subject:from:in-reply-to:date:cc
:message-id:references:to; s=taoeffect.com; bh=0skZ6WN3/AQ7c8/i3
RsXMmGr+Sc=; b=Ar0/cMKzL56LQXsf0oxN6t7fLWBodLPQe1/HSeb0EpcXXXFS2
PRkTxXC20QX4s9iiake9fTRXysD42sZNN5NLYTPDIqUCp6YvxkYF4o2T4JcWZ06y
CcayuFVA+dJ42w2UJD1IxRjhHqx0W9qL4d44dM1Td2Lln5OW5fvi+ueW8k=
Received: from [192.168.42.64] (184-23-255-227.fiber.dynamic.sonic.net
[184.23.255.227])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
(Authenticated sender: contact@taoeffect.com)
by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id 9590610AFBD;
Tue, 6 Jun 2017 16:31:17 -0700 (PDT)
Content-Type: multipart/signed;
boundary="Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC";
protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Tao Effect <contact@taoeffect.com>
In-Reply-To: <38DDC3A2-2727-477E-A6FF-7638842AAB03@taoeffect.com>
Date: Tue, 6 Jun 2017 16:31:17 -0700
X-Mao-Original-Outgoing-Id: 518484676.809484-011cb458f5a77ea11ff2a7f4c7fa2cac
Message-Id: <A6627D4B-F127-4213-A4B0-8040CF91F3CD@taoeffect.com>
References: <31833011-7179-49D1-A07E-8FD9556C4534@taoeffect.com>
<20170606232015.GA11830@erisian.com.au>
<38DDC3A2-2727-477E-A6FF-7638842AAB03@taoeffect.com>
To: Anthony Towns <aj@erisian.com.au>
X-Mailer: Apple Mail (2.3273)
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 07 Jun 2017 00:07:08 +0000
Cc: Anthony Towns via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 23:31:21 -0000
--Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC
Content-Type: multipart/alternative;
boundary="Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838"
--Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
> CPFP can be used by an attacker to get your original txn into the 148 =
chain.
*err, my bad that's unlikely to happen, if I remember correctly CPFP can =
only be done by the person you're sending the coins to. Coin-mixing =
seems the better option of the two, but shouldn't the BIP148 folks wait =
until it's clear that will be supported by exchanges?
--
Please do not email me anything that you are not comfortable also =
sharing with the NSA.
> On Jun 6, 2017, at 4:27 PM, Tao Effect <contact@taoeffect.com =
<mailto:contact@taoeffect.com>> wrote:
>=20
>> CoinJoin works as a method of both improving fungibility and mixing =
with
>> coinbase transactions.
>=20
> My understanding is that the two situations are quite different.
>=20
> Unlike mixing to coin-split, CoinJoin doesn't create a high demand =
exclusively for coinbase transactions.
>=20
> However, of the proposed methods, coin-mixing seems the better option, =
because it might be reasonably easy (I don't know) for exchanges to =
obtain 148 coinbase coins, and mix their coins with them, extending the =
coin-splitting capability beyond just miner coins and then using that to =
split incoming coins.
>=20
> That seems like the most reasonable approach I've heard so far. =
Whether exchanges would be willing to do that is a separate question.
>=20
>> When it's confirmed on one chain, but not on the other, you
>> can then "double-spend" on the lower hashrate chain with a higher =
fee,
>> to end up with different coins on both chains.
>=20
> This method is time consuming and not guaranteed to work. CPFP can be =
used by an attacker to get your original txn into the 148 chain.
>=20
>> (also, no double-n in untenable)
>=20
> Why thank you aj, you're so good at spelling. :-)
>=20
> Cheers,
> Greg
>=20
--Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" content=3D"text/html=
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><blockquote type=3D"cite" class=3D"">CPFP can be used by an =
attacker to get your original txn into the 148 chain.<br =
class=3D""></blockquote><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><div class=3D"">*err, my bad =
that's unlikely to happen, if I remember correctly CPFP can only be done =
by the person you're sending the coins to. Coin-mixing seems the better =
option of the two, but shouldn't the BIP148 folks wait until it's clear =
that will be supported by exchanges?</div><div class=3D"">
<span style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
14px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; font-variant-ligatures: normal; =
font-variant-position: normal; font-variant-numeric: normal; =
font-variant-alternates: normal; font-variant-east-asian: normal; =
line-height: normal; orphans: 2; widows: 2;" class=3D""><br =
class=3D"Apple-interchange-newline">--</span><br style=3D"color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""><span style=3D"color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D"">Please do not email me anything that you are not =
comfortable also sharing</span><span style=3D"color: rgb(0, 0, 0); =
font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""> with the NSA.</span>
</div>
<br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Jun 6, 2017, at 4:27 PM, Tao Effect <<a =
href=3D"mailto:contact@taoeffect.com" =
class=3D"">contact@taoeffect.com</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><meta =
http-equiv=3D"Content-Type" content=3D"text/html charset=3Dus-ascii" =
class=3D""><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii" class=3D""><div style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><blockquote type=3D"cite" class=3D"">CoinJoin works as a =
method of both improving fungibility and mixing with<br =
class=3D"">coinbase transactions.</blockquote><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><div class=3D"">My =
understanding is that the two situations are quite different.</div><div =
class=3D""><br class=3D""></div><div class=3D"">Unlike mixing to =
coin-split, CoinJoin doesn't create a high demand exclusively for =
coinbase transactions.</div><div class=3D""><br class=3D""></div><div =
class=3D"">However, of the proposed methods, coin-mixing seems the =
better option, because it might be reasonably easy (I don't know) for =
exchanges to obtain 148 coinbase coins, and mix their coins with them, =
extending the coin-splitting capability beyond just miner coins and then =
using that to split incoming coins.</div><div class=3D""><br =
class=3D""></div><div class=3D"">That seems like the most reasonable =
approach I've heard so far. Whether exchanges would be willing to do =
that is a separate question.</div><div class=3D""><br =
class=3D""></div><div class=3D""><blockquote type=3D"cite" class=3D"">When=
it's confirmed on one chain, but not on the other, you<br class=3D"">can =
then "double-spend" on the lower hashrate chain with a higher fee,<br =
class=3D"">to end up with different coins on both =
chains.</blockquote><br class=3D""></div><div class=3D"">This method is =
time consuming and not guaranteed to work. CPFP can be used by an =
attacker to get your original txn into the 148 chain.</div><div =
class=3D""><br class=3D""></div><div class=3D""><blockquote type=3D"cite" =
class=3D"">(also, no double-n in untenable)</blockquote><br =
class=3D""></div><div class=3D"">Why thank you aj, you're so good at =
spelling. :-)</div><div class=3D""><br class=3D""></div><div =
class=3D"">Cheers,</div><div class=3D"">Greg</div><div class=3D""><br =
class=3D""></div></div></div></blockquote></div><br =
class=3D""></body></html>=
--Apple-Mail=_94E46E0B-71DD-44CB-99F1-5162E263A838--
--Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJZNztEAAoJEOxnICvpCVJH6LUP/38RilPZIbs0+eN7AfF9nRD1
mUx+xvMAweh19gUpdpoZ9z7nXVsubg7q2DcVAg0r/Zr5JZw/1akIXz/lOdS7yIi3
aQcB+oKUtg4r79J0tjDpIaJo435OkLjKrvMIyC6z+YoR4/RK6FsfKV6+5Mpukm87
PUuwGTuItvuUEl9Qd4n5kX5H2j0p77Itdz7eTtUafAbSYehy2GHOkBGWQm8Pyot6
Ix77vreo7xuolc+fQDHTfMsidWSIyml0+hQ+tdMUd+gtYLMbxPRGcp3GGoq0cRY5
cezrr3dW5ntOXOC7qEHeCiHRcC6bAPtuhzkG4WP43Z4/li8o5x0h/xfK92PA9tDB
1bnu7qRNEJsFmehbtWmMeDN0xu4uJ7t7+cSmiaG0Ps1IBt88pITtJAM0ogdGnYU1
vWggbc0o9F3ueYMnjiUsVwvA6qcFkIpLEs3jcBsOb/X9kOHi0vPSxSg0tzLuuy5Q
5/z7dlOzn3W/BVci7PsrIinGgeYjc2cTNTwIFrhFbaIzywJF9eAI6KtSEk/HhMag
vnvASxUDLcKmnlo6+2fVHI97h6b2oKXxslV+ZceZjjV0MJmF0LKtuAw3p66T/PQk
5FMog/a0BWf8TXVGFkpnhNooyCBj9aWRMYriIo6pPNhNzdoJkwIxw7R12oQPuZ3I
VBR4sANS8V97VyCXt0X5
=JB9e
-----END PGP SIGNATURE-----
--Apple-Mail=_F275864B-9D9F-4D1E-9F9E-4AB962B9D5AC--
|