Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id B5052E2F for ; Sat, 19 Dec 2015 17:46:03 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 37E18148 for ; Sat, 19 Dec 2015 17:46:03 +0000 (UTC) Received: by mail-ig0-f174.google.com with SMTP id to4so12635248igc.0 for ; Sat, 19 Dec 2015 09:46:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=/G5B9JRmC0uTHy3pRbj9d/YPDjpuWPUvGkZxaxqsJXg=; b=ZfoIab8oQE1Nhb3eG9BAofuvILxrSQTvnMihGJDXNP8GKWZ6uEZY2FfUItQr9dGCvg RjYROZU+I58nRrL6aN7TRZPkr9pnqJXf++p+oaDTR3I1MqCWGHzvKxOPxuC4gBXvemBb jA3kON5dNAVX4y12UedFVvmH7cy/ictYuYaQnr08uL4YxVY9r7DD2RdHnZTe6BZ7tGO3 r/j8XsS4jui9HGfQiCCC2TN0OVhJCLtcxrpQvzAOo4elnDroO6H29BX7mie6fwnEQTsV /uBCCY0C4OF3TKP7XUUzJAEjVBWTLzZl9lqVoDdBOYg0tCcnfyMzyZiunr/KEVfgXASw Gy0g== MIME-Version: 1.0 X-Received: by 10.50.79.234 with SMTP id m10mr9736973igx.57.1450547162578; Sat, 19 Dec 2015 09:46:02 -0800 (PST) Sender: akaramaoun@gmail.com Received: by 10.107.140.199 with HTTP; Sat, 19 Dec 2015 09:46:02 -0800 (PST) In-Reply-To: References: Date: Sat, 19 Dec 2015 17:46:02 +0000 X-Google-Sender-Auth: wipFF6QWDZEeGLCnfrbPZ1F3Dx0 Message-ID: From: Andrew To: Jonathan Toomim Content-Type: multipart/alternative; boundary=089e0122a59c5b077d052743d44d X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sat, 19 Dec 2015 17:46:52 +0000 Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] On the security of softforks X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Dec 2015 17:46:03 -0000 --089e0122a59c5b077d052743d44d Content-Type: text/plain; charset=UTF-8 On Fri, Dec 18, 2015 at 2:47 AM, Jonathan Toomim via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > > On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > > 1) The risk of an old full node wallet accepting a transaction that is > invalid to the new rules. > > The receiver wallet chooses what address/script to accept coins on. > They'll upgrade to the new softfork rules before creating an address > that depends on the softfork's features. > > So, not a problem. > > > Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob runs > the old rules. Bob creates a p2pkh address for Mallory to use. Mallory > takes 1 BTC, and creates an invalid SegWit transaction that Bob cannot > properly validate and that pays into one of Mallory's wallets. Mallory then > immediately spends the unconfirmed transaction into Bob's address. Bob sees > what appears to be a valid transaction chain which is not actually valid. > > What do you mean a valid transaction chain? If Bob is fully validating (even with old software), he should see that Mallory's signature is not on a transaction with his address. Do you mean Mallory creates a regular transaction as well as an Anyone-can-spend segwit transaction that results in double spending in the same block? Sorry not sure what I'm missing... > Clueless Carol is one of the 4.9% of miners who forgot to upgrade her > mining node. Carol sees that Mallory included an enormous fee in his > transactions, so Carol makes sure to include both transactions in her > block. > > Mallory gets free beer. > > Anything I'm missing? > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > -- PGP: B6AC 822C 451D 6304 6A28 49E9 7DB7 011C D53B 5647 --089e0122a59c5b077d052743d44d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Fri, Dec 18, 2015 at 2:47 AM, Jonathan Toomim via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:=

On Dec 18, 2015, at 10:30 AM, Pieter Wuille via = bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
<= br>
1) The risk of an old full node wallet accepting a transaction that is=
inva= lid to the new rules.

The receiver wallet chooses what address/scri= pt to accept coins on.
They'll upgrade to the new softfork rules before crea= ting an address
that depends on the softfork's features.
=
So, not a p= roblem.

Mallory wants t= o defraud Bob with a 1 BTC payment for some beer. Bob runs the old rules. B= ob creates a p2pkh address for Mallory to use. Mallory takes 1 BTC, and cre= ates an invalid SegWit transaction that Bob cannot properly validate and th= at pays into one of Mallory's wallets. Mallory then immediately spends = the unconfirmed transaction into Bob's address. Bob sees what appears t= o be a valid transaction chain which is not actually valid.

<= /div>
What do you mean a valid transaction chain? If= Bob is fully validating (even with old software), he should see that Mallo= ry's signature is not on a transaction with his address.

<= div>Do you mean Mallory creates a regular transaction as well as an Anyone-= can-spend segwit transaction that results in double spending in the same bl= ock?

Sorry not sure what I'm missing...
=C2=A0
Clueless Carol is one of the 4.9% of miners who forgot= to upgrade her mining node. Carol sees that Mallory included an enormous f= ee in his transactions, so Carol makes sure to include both transactions in= her block.=C2=A0

Mallory gets free beer.

Anything I'm missing?

_________________= ______________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev




--
PGP: B6AC 822C 451D 6304 6A28 =C2=A049E9 7DB7 011C D53B 5647
--089e0122a59c5b077d052743d44d--