Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 74C8F93E for ; Tue, 28 Mar 2017 22:36:25 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.bluematt.me (mail.bluematt.me [192.241.179.72]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 14805110 for ; Tue, 28 Mar 2017 22:36:25 +0000 (UTC) Received: from [172.17.0.2] (unknown [162.243.132.6]) by mail.bluematt.me (Postfix) with ESMTPSA id E2FAD1399D0; Tue, 28 Mar 2017 22:35:17 +0000 (UTC) To: Luke Dashjr , bitcoin-dev@lists.linuxfoundation.org, =?UTF-8?Q?Jorge_Tim=c3=b3n?= References: <201703220847.31303.luke@dashjr.org> <30FB8B13-135D-4905-B1B4-76D79341CA02@mattcorallo.com> <201703250516.26362.luke@dashjr.org> From: Matt Corallo Message-ID: <134ac169-08ed-706b-b64d-409fef942c73@mattcorallo.com> Date: Tue, 28 Mar 2017 22:35:05 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: <201703250516.26362.luke@dashjr.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Fraud proofs for block size/weight X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2017 22:36:25 -0000 I dont think thats true? Sure, you have to assume the block is valid aside from a too-large size, but it seems sane. You don't strictly need to show that a leaf is a parseable transaction, as long as you can assume that the block is valid and that you cannot forge a SHA256 midstate which, when combined with data with a given length tag, would result in a hash of a given value (this is a pretty strong assumption, IMO, IIRC this was not a studied nor a claimed feature of SHA256). The only issue is that, since parts of the merkle tree are repeated, you need to be sure that the counting for minimum number of transactions is accurate, though I did not review your proposal text to check that. On 03/25/17 05:16, Luke Dashjr wrote: - snip - > The only way to establish the number of transactions at all, is to show that a > leaf is a parsable transaction. Which this doesn't actually show, so it's > broken. :( Need to think on this. Any ideas? :/ > > Luke >