summaryrefslogtreecommitdiff
path: root/fb/955492ec299a25c967c7e6e0afee797ab4d378
blob: 10a9d3fcd4e4230e543cdca12cfd1acdbb737c2b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
Return-Path: <user@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 24B131782
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat,  9 Jun 2018 12:45:24 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from outmail148096.authsmtp.net (outmail148096.authsmtp.net
	[62.13.148.96])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 7CE2A5E2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat,  9 Jun 2018 12:45:23 +0000 (UTC)
Received: from mail-c245.authsmtp.com (mail-c245.authsmtp.com [62.13.128.245])
	by punt24.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w59CjKcY023002;
	Sat, 9 Jun 2018 13:45:20 +0100 (BST)
	(envelope-from user@petertodd.org)
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
	[52.5.185.120]) (authenticated bits=0)
	by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w59CjILt048279
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); 
	Sat, 9 Jun 2018 13:45:20 +0100 (BST)
	(envelope-from user@petertodd.org)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by petertodd.org (Postfix) with ESMTPSA id 84A57400FB;
	Sat,  9 Jun 2018 12:45:18 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000)
	id ED7A022043; Sat,  9 Jun 2018 08:45:16 -0400 (EDT)
Date: Sat, 9 Jun 2018 08:45:16 -0400
From: Peter Todd <pete@petertodd.org>
To: Sergio Demian Lerner <sergio.d.lerner@gmail.com>
Message-ID: <20180609124516.6ms6t7r5t7ikved6@petertodd.org>
References: <20180607171311.6qdjohfuuy3ufriv@petertodd.org>
	<CAHUJnBB7UL3mH6SixP_M4yooMVP3DgZa+5hiQOmF=AiqfdpfOg@mail.gmail.com>
	<20180607222028.zbva4vrv64dzrmxy@petertodd.org>
	<CAHUJnBCj8wnjP1=jobfpg7jkfjkX9iSBLeeAOyQCpobh6-AhUA@mail.gmail.com>
	<CAKzdR-paqYgOxToikaVD=0GMsCjHBaynX3WgB-CN6Sn7B7kRXw@mail.gmail.com>
	<CAKzdR-rz2-D5pbcoSw0CK9tR-UY46ybYaZDmUMYTjBgvkL6ugg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="n4wv2ezgeeysfdlz"
Content-Disposition: inline
In-Reply-To: <CAKzdR-rz2-D5pbcoSw0CK9tR-UY46ybYaZDmUMYTjBgvkL6ugg@mail.gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
X-Server-Quench: f816e8d2-6be2-11e8-a283-9cb654bb2504
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZIVwkA IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdgsUEkAaAgsB Am4bWldeVFh7W2M7 bghPaBtcak9QXgdq
	T0pMXVMcUwBhckZ4 eloeVhFwcAwIcX9y ZQg0VnFdCUwud1t7
	EBtWCGwHMG99OWIX U11RJFFSdQcYLB1A alQxNiYHcQ5VPz4z
	GA41ejw8IwAXFD5I WR0AIRoXTFwIGjN0 WwoPEH0jEFUZR209
	KAZuMVcSEQ4NIg0z N1AlREkZNBlwQhVE GEZDG2dGJkUBQDc3
	RQoSRkkQDHVTRj1f agAA
X-Authentic-SMTP: 61633532353630.1039:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 52.5.185.120/25
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,LOTS_OF_MONEY,
	RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion
 proofs without a soft fork
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jun 2018 12:45:24 -0000


--n4wv2ezgeeysfdlz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jun 09, 2018 at 02:21:17PM +0200, Sergio Demian Lerner wrote:
> Also it must be noted that an attacker having only 1.3M USD that can
> brute-force 72 bits (4 days of hashing on capable ASICs) can perform the
> same attack, so the attack is entirely feasible and no person should acce=
pt
> more than 1M USD using a SPV wallet.

That doesn't make any sense. Against a SPV wallet you don't need that attac=
k;
with that kind of budget you can fool it by just creating a fake block at f=
ar
less cost, along with a sybil attack. Sybils aren't difficult to pull off w=
hen
you have the budget to be greating fake blocks.

> Also the attack can be repeated: once you create the "extension point"
> block, you can attack more and more parties without any additional
> computation.

That's technically incorrect: txouts can only be spent once, so you'll need=
 to
do 2^40 work each time you want to repeat the attack to grind the matching =
part
of the prevout again.

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--n4wv2ezgeeysfdlz
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEFcyURjhyM68BBPYTJIFAPaXwkfsFAlsby9cACgkQJIFAPaXw
kfsM0wgAsmhTN3FYpldVECQDPH4DEvXEn9Xh2UtTGrpp0Z+WGKZEQpLOIuFlCCvJ
4pNzKiNT2GPmxtPOK6fIWZU2f9SDFN5x1XmD5544frDwy1eYZ4yw4yLqJ4/D0JYd
sH95hduhRcbdZ38LFvb4Vb510fdq9oqVaQkFm0m17751WVbj3WfgaFVeTt6Navws
AUq4lZ92ePKTNgreRfeOyJ1v4MCwLm7/+r2gRCfMMsBQgycrTEcST6yToeB87idO
xJmrXSyU7FmYviizigbzcA5KStIkJbk5ybjR9u/XrgRYFGEbuVSlvq9s/l+74Wmj
j7J8s3RzibRZMtQO1Apb0jt+N3BdxA==
=Wmx2
-----END PGP SIGNATURE-----

--n4wv2ezgeeysfdlz--