1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <apoelstra@wpsoftware.net>) id 1XlMm5-0007Pi-Jf
for bitcoin-development@lists.sourceforge.net;
Mon, 03 Nov 2014 18:54:45 +0000
X-ACL-Warn:
Received: from wpsoftware.net ([96.53.77.134] helo=mail.wpsoftware.net)
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.76) id 1XlMm4-00084L-9G
for bitcoin-development@lists.sourceforge.net;
Mon, 03 Nov 2014 18:54:45 +0000
Received: from shavo.vs.shawcable.net (Cisco01253.vs.shawcable.net
[192.168.0.1]) (authenticated bits=0)
by mail.wpsoftware.net (8.14.7/8.14.7) with ESMTP id sA3HsxCU032035
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
verify=NO); Mon, 3 Nov 2014 09:55:00 -0800
Date: Mon, 3 Nov 2014 09:54:59 -0800
From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: Alex Mizrahi <alex.mizrahi@gmail.com>
Message-ID: <20141103175459.GT6400@shavo.vs.shawcable.net>
References: <CALqxMTHeipZZrJ_NSXK9vxiO83gSDgM6TA7T7XNBS3LtmuK2KA@mail.gmail.com>
<CAE28kUQS-ykQkLvZhKyR9ULh_=BPbdkm-TbVGOXdujy0e5xPFQ@mail.gmail.com>
<CABm2gDqXkAKoNKwvznPfKKEq+c-F+Co7kudqQa2wHjcCU3iysQ@mail.gmail.com>
<CAE28kURz3smtwDvVuPQDFxosqB2tRNWiM3bf=BeLcjhJ2eiR5A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="HtRZva1Vzv8iP5ye"
Content-Disposition: inline
In-Reply-To: <CAE28kURz3smtwDvVuPQDFxosqB2tRNWiM3bf=BeLcjhJ2eiR5A@mail.gmail.com>
User-Agent: Mutt/1.5.22+19 (8f62001989cc) (2013-10-16)
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
X-Headers-End: 1XlMm4-00084L-9G
Cc: Bitcoin-Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] side-chains & 2-way pegging (Re: is there
a way to do bitcoin-staging?)
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 03 Nov 2014 18:54:46 -0000
--HtRZva1Vzv8iP5ye
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 03, 2014 at 06:01:46PM +0200, Alex Mizrahi wrote:
>=20
> Yes, but "harder" isn't same as "unlikely".
>
We are aware of the distintion between hardness (expected work) and
likelihood of successful attack -- much of Appendix B talks about this,
in the context of producing compact SPV proofs which are (a) hard to
forge, and (b) very unlikely to be forgeries.
We did spend some time formalizing this but due to space constraints
(and it being somewhat beside the point of the whitepaper beyond "we
believe it is possible to do"), we did not explore this in as great
depth as we'd have liked.
=20
> Another problem with this section is that it only mentions reorganization=
s.
> But a fraudulent transfer can happen without a reorganization, as an
> attacker can produce an SPV proof which is totally fake. So this is not
> similar to double-spending, attacker doesn't need to own coins to perform
> an attack.
>=20
Well, even in the absense of a reorganization, the attacker's false proof
will just be invalidated by a proof of longer work on the real chain.
And there is still a real cost to producing the false proof.
--=20
Andrew Poelstra
Mathematics Department, University of Texas at Austin
Email: apoelstra at wpsoftware.net
Web: http://www.wpsoftware.net/andrew
--HtRZva1Vzv8iP5ye
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJUV8FzAAoJEHrQqRxAvQCRXBgH/1UiDodseOEWglbEvZIitHF4
6z9bRkz3KJRXtnc4eEczRfVnywF4J++fvf/QSmwMVgzTlBslEXa7AOYXC8skvV0a
00bBFZOuNW6tJpW8/dTYDLcrdaq3SEaSzdw18jk+RvV08LbrcETsAF5EuQ+a3TCO
VbYNJJXdMxFKmeNpIqRGGFxcF3qm4PDWzT1TFrzq5OHTuijJVCe8PgGgn+OYfRw3
MuIG7/VpCV0jWD8vc8s6PxVxsgK6xoSIzE0q+/aubuwcY1wq7VpSullP85WZrnec
4X1cugpRj9whkSxO93NPJlwAnbIDpLN2uuq3y5j3iBAheY2ahRaXIKilekr77y8=
=dWHv
-----END PGP SIGNATURE-----
--HtRZva1Vzv8iP5ye--
|
