Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 650C718E6 for ; Sat, 3 Aug 2019 00:51:19 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from APC01-HK2-obe.outbound.protection.outlook.com (mail-oln040092255087.outbound.protection.outlook.com [40.92.255.87]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6024B712 for ; Sat, 3 Aug 2019 00:51:16 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FsrYCZ3GwzgxcxaMWI+7UoUNOkM8dAqGETCRSiTHnhZ7hUK8wpIFEuCH6amHTaHqr0WtqC5DO1IhwoTkg4/joFGF8LuviRKCgW42NuBXjcaBmHyHTnuQ8OUM+C1nvwNG7p4kpWwglJgPNqNZj8NLst7Oe9C3Mv4UqcCM/wC9wlUU2y+ypxp3G8CQJ0+zmZXyddBINHG12WzDd/GVq8wdkit0JlsfBRhm6Kx2QhtE0NpBiY4Bdvk5dMCaYt639/AEp2ScsVm8xfolxKtCjtgllpDo0biM8L1voRCGBcQANxycWpEpi/sE/DnDJENe0mXNN2bbrX8Zuw0OwfmTy/YoVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DQu/DtjXnfqXcv34HVwF6+vtPSJjxz3zlOOFWT8m1JA=; b=cSIsi/50/+IwtoLOOhaznziheXxapCG1k1nLbG49nmo4Pg1I7Yz7Urh4d52tojUaenGh7bL5lXScpMWdsZ9xB3mbXwyS9AztZki95CXy0uBiKfbJps4u2DFCucIt06jAjidEd1FvYkBLVQik98//hWfRctmK6TVjioB/K+mavFDH62kg//67CH4QglZ675W8QrR8Yhy/7n+sCJRxHXFeDq4oCQnhosf7kTNZoyvKJx89LK+vzQyGgTJnzYCqp66TA8KUgX9N9MdWOFEky6Q1Dv4Mon65ZiDXeFIkGRbFyj/p87XtbK2KAZFNTHao5BaX3OLfUAjsyontBlRAMDf8GQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=none;dmarc=none;dkim=none;arc=none Received: from SG2APC01FT009.eop-APC01.prod.protection.outlook.com (10.152.250.57) by SG2APC01HT076.eop-APC01.prod.protection.outlook.com (10.152.251.173) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2136.14; Sat, 3 Aug 2019 00:51:13 +0000 Received: from PS2P216MB0179.KORP216.PROD.OUTLOOK.COM (10.152.250.57) by SG2APC01FT009.mail.protection.outlook.com (10.152.250.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.14 via Frontend Transport; Sat, 3 Aug 2019 00:51:12 +0000 Received: from PS2P216MB0179.KORP216.PROD.OUTLOOK.COM ([fe80::d894:e42b:554e:326d]) by PS2P216MB0179.KORP216.PROD.OUTLOOK.COM ([fe80::d894:e42b:554e:326d%6]) with mapi id 15.20.2136.010; Sat, 3 Aug 2019 00:51:12 +0000 From: LORD HIS EXCELLENCY JAMES HRMH To: Ethan Heilman , Bitcoin Dev , "Kenshiro []" Thread-Topic: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol Thread-Index: AQHVR5sdyaW9NUkjL067/8euo+yr/KbkwSWAgAAJxaeAAAS0t4AC+h2AgAAG9aGAAMoOKw== Date: Sat, 3 Aug 2019 00:51:12 +0000 Message-ID: References: <28454621.Lge63Ifvux@dprfs-d5766> , , In-Reply-To: Accept-Language: en-AU, en-US Content-Language: en-AU X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:05B409AB4AD00F070B7F38B8C7733C240E2EC8C4A7C98D2AEC287E9DBDF7D95E; UpperCasedChecksum:AD71AA0482EB2B56B0326878A8A4D118CC0231BF2493DB8E06A2021745D8CE79; SizeAsReceived:7289; Count:43 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [R9difbMTtjzBmwG8kHBh0I0vB0WZFM1N] x-ms-publictraffictype: Email x-incomingheadercount: 43 x-eopattributedmessage: 0 x-ms-exchange-slblob-mailprops: =?iso-8859-1?Q?h70CqCTTlEHTkraj2UDLx0aqoBzdZXyqddGDHiO5KyPRT3f1wkjspJ+pmn?= =?iso-8859-1?Q?b+Oehxfqeibalt10MvbvQbGsrgNaSSMOM4ExuBFGqBHwDJDMcCoKqsaidH?= =?iso-8859-1?Q?06UytifyejimCIfrMINlsed6IG/9lKVT/jlxg1Bbn7IS42z5o7oUM3tUV4?= =?iso-8859-1?Q?D9Vk4YolUJYNlPNaUWnpNLmxcnDATQjd/SIGpljCndj1ry4L9tJGqEpKtC?= =?iso-8859-1?Q?sL8bwN4xfwstMh2BhuJZEB8WkQJWbuLPDx8mwlXThviQu0/lvkPdLQCgww?= =?iso-8859-1?Q?YyOE9Y0ohVXgQ1x5vPQCFIggScvT97YECMeGxtH3sk9t+8gkR8FG9Zro33?= =?iso-8859-1?Q?SZeW6myoWEtkCiMBxK6r+GXdvV3yoAx6MaNZNpCwckv+AqXrzeMEzTQvss?= =?iso-8859-1?Q?TdgBghmlkvMvs05pAdC4TtwNpb2Pot4dYn78idg+kTjjJPOmy9epjeFHqD?= =?iso-8859-1?Q?tYUZkJ8ZEmkU6aMcfc41J/2a2xAF//GIW1rDrSZGsMjkCuuJsIVf0gAL0g?= =?iso-8859-1?Q?Y4lfm2TZQ6xjhXJu0kxhHhKr7wr0F6dZLFeFkdQjzVacW+SWF76XXg5KsQ?= =?iso-8859-1?Q?w8XnQtuPv4+xUjUpE9NqJua4Sm/LhV5CWc8xG2kYR62smi7+5rO9Z10ijw?= =?iso-8859-1?Q?6Fb1cSWqwVwWPXrgoQjg9sEWl4tliGKMfZ/+suYqPM83ERn2fACsc6OdWh?= =?iso-8859-1?Q?5+/KC/mucwXk6vXOJyyJqoD2ldvi6k3Kr4yKOFWPUDoFMeVeBkji9CNPb3?= =?iso-8859-1?Q?e1Nl4ATBsRb9Q8qJIj6DBjb9HKZdPshlmGZ5NkuPsWOcddiTkjVcxyYdh1?= =?iso-8859-1?Q?dt8/LnqgbTVe9mRwqxJB04cwYlvbgQZVlEv9WtTXkgPm43AAhhrtQ6FFRO?= =?iso-8859-1?Q?iqnxJ1A8zS8Qg4hgmr9p6shNzxYOJTwB/y3gnE0WnVcDuwuWCNf5bnZwEE?= =?iso-8859-1?Q?whsiRPf1P6EJ9Uu3S0HBiQzsx0SA5xDX7vSQnJVAiMDqlHWGYtkbLvsVz+?= =?iso-8859-1?Q?T3Beans/yFC52+bz+t7KVxiCHSrJdONRMBNsl1wJEmPA05Mjxl9pbFnV4S?= =?iso-8859-1?Q?gzwHgk4cbodDYtdEy18IElPs6o2HhI4L+fVYl6ocpb+Y?= x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(5050001)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(201702181274)(2017031322404)(2017031323274)(2017031324274)(1601125500)(1603101475)(1701031045); SRVR:SG2APC01HT076; x-ms-traffictypediagnostic: SG2APC01HT076: x-ms-exchange-purlcount: 2 x-microsoft-antispam-message-info: wgOXK4+QKbyXQYkRkrNaG01Mtymt9GJ9bmEdOR51woCK8JCpsToDL8Z1KPdUtkH6D0CI9BY1BeN7SOgZrIwJlySfj1Qlwa791DD14SBc/dN2li+Q9F1rtCsS5e1Ih7q9U+k7qtRd6jxgJD2KUWl/LHrnEl//lE2z1fhKKAeVdD9oQK6UgSYrv5FXhBU3lX7w Content-Type: multipart/alternative; boundary="_000_PS2P216MB0179F9419B116F333EBF10799DD80PS2P216MB0179KORP_" MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 21002fa3-0fe9-48ef-1837-08d717acaeb3 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Aug 2019 00:51:12.8251 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2APC01HT076 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sat, 03 Aug 2019 02:25:17 +0000 Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Aug 2019 00:51:19 -0000 --_000_PS2P216MB0179F9419B116F333EBF10799DD80PS2P216MB0179KORP_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I have but one point to make in a brief catch-up read over. With the current protocol the fix to a network split is simple, the longest= chain win. But with the moving checkpoint I'm proposing we have a problem = if both chains began to differ more than N blocks ago, the forks are perman= ent. So we need an additional rule to ignore the moving checkpoint, a limit= of X blocks: It is not to be considered the longest chain, it is to be considered the lo= ngest chain with the most proof of work. Regards, LORD HIS EXCELLENCY JAMES HRMH ________________________________ From: bitcoin-dev-bounces@lists.linuxfoundation.org on behalf of Kenshiro [] via bitcoin-dev Sent: Friday, 2 August 2019 11:08 PM To: Ethan Heilman ; Bitcoin Dev Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol Hi all, Very good points. I did some clarifications in a private conversation, the = new rule is making the moving checkpoint valid only if the difference in bl= ocks between the main chain and the new fork is smaller than X blocks, like= for example 3 days of blocks, so after a long network split everyone can f= inally follow the longest chain: With the current protocol the fix to a network split is simple, the longest= chain win. But with the moving checkpoint I'm proposing we have a problem = if both chains began to differ more than N blocks ago, the forks are perman= ent. So we need an additional rule to ignore the moving checkpoint, a limit= of X blocks: If a node sees a fork longer than his main chain, and the fork has at least= X blocks more than the main chain, then the node ignore the moving checkpo= int rule, and it follows the fork, the longest chain. So as an example, the moving checkpoint could be 24 hours of blocks, and th= e limit of X blocks, the blocks of 3 days. So we have 2 possible situations to consider: - 51% attack: the blocks older than 24 hours are protected against a histo= ry rewrite during at least 3 days, in that time developers could release an= emergency release with another mining algorithm to stop the attack. - Network split: if the network split is older than N blocks, we have 2 per= manent forks (or chains), but in 3 days (or more) the blockchain heights wi= ll differ in more than X blocks (the blocks of 3 days) because there will b= e more miners in one chain than in the other so finally the loser chain wil= l be abandoned and everyone will follow the longest chain. It could be even more conservative, like 48 hours for the moving checkpoint= and a block limit of 7 days of blocks. Regards, ________________________________ From: Ethan Heilman Sent: Friday, August 2, 2019 14:19 To: Kenshiro [] ; Bitcoin Dev Cc: Alistair Mann Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol Attack 1: I partition (i.e. eclipse) a bunch of nodes from the network this partition= contains no mining power . I then mine 145 blocks for this partition. I do= n't even need 51% of the mining power because I'm not competing with any ot= her miners. Under this rule this partition will hardfork from the network p= ermanently. Under current rules this partition will be able to rejoin the n= etwork as the least weight chain will be orphaned. Attack 2: I pre-mine 145 blocks. A node goes offline for 24 hours, when it rejoins I = feed it 145 blocks which fork off from the consensus chain. I have 24+24 ho= urs to mine these 145 blocks so I should be able to do this with 25% of the= current hash rate at the time the node went offline. Under your rule each = of these offline-->online nodes I attack this way will hardfork themselves = from the rest of the network. I believe a moving-checkpoint rule as describe above would make Bitcoin mor= e vulnerable to 51% attacks. A safer rule would be if a node detects a fork with both sides of the split= having length > 144 blocks, it halts and requests user intervention to de= termine which chain to follow. I don't think 144 blocks is a great number = to use here as 24 hours is very short. I suspect you could improve the secu= rity of the rule by making the number of blocks a fork most reach to halt t= he network proportional to the difference in time between the timestamp in = the block prior to the fork and the current time. I am **NOT** proposing Bi= tcoin adopt such a rule. NXT has a fundamentally different security model as it uses Proof-of-stake = rather than Proof-of-Work. On Wed, Jul 31, 2019 at 2:37 PM Kenshiro [] via bitcoin-dev > wrot= e: P.S.: To be clearer, in this example I set an N value of 144 blocks, which = is approximately 24 hours. ________________________________ From: Kenshiro [] > Sent: Wednesday, July 31, 2019 16:40 To: Alistair Mann >; Bitcoin Protocol Dis= cussion > Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol >>> How would a (potentially, state-sponsored) netsplit lasting longer than= N be handled? It would be detected by the community much before reaching the reorg limit = of N blocks (it's 24 hours) so nodes could stop until the netsplit is fixed= . In the extreme case no one notice the network split during more than N bloc= ks (24 hours) and there are 2 permanent forks longer than N, nodes from one= branch could delete their local history so they would join the other branc= h. Regards, ________________________________ From: Alistair Mann > Sent: Wednesday, July 31, 2019 15:59 To: Kenshiro [] >; Bitcoin = Protocol Discussion > Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol On Wednesday 31 Jul 2019 12:28:58 Kenshiro [] via bitcoin-dev wrote: > I would like to propose that a "moving checkpoint" is added to the Bitcoi= n > protocol. It's a very simple rule already implemented in NXT coin: > > - A node will ignore any new block under nodeBlockHeight - N, so the > blockchain becomes truly immutable after N blocks, even during a 51% atta= ck > which thanks to the moving checkpoint can't rewrite history older than th= e > last N blocks. How would a (potentially, state-sponsored) netsplit lasting longer than N b= e handled? -- Alistair Mann _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev --_000_PS2P216MB0179F9419B116F333EBF10799DD80PS2P216MB0179KORP_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I have but one point to make in a brief catch-up read over.

With the current protocol the fix to a network split is simple, the long= est chain win. But with the moving checkpoint I'm proposing we have a p= roblem if both chains began to differ more than N blocks ago, the forks are= permanent. So we need an additional rule to ignore the moving checkpoint, a limit of X blocks:
 
It is not to be considered the longest chain, it is to be considered the lo= ngest chain with the most proof of work.

Regards,
LORD HIS EXCELLENCY JAMES HRMH


From: bitcoin-dev-bounces= @lists.linuxfoundation.org <bitcoin-dev-bounces@lists.linuxfoundation.or= g> on behalf of Kenshiro [] via bitcoin-dev <bitcoin-dev@lists.linuxf= oundation.org>
Sent: Friday, 2 August 2019 11:08 PM
To: Ethan Heilman <eth3rs@gmail.com>; Bitcoin Dev <bitcoin-= dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin pr= otocol
 
Hi all,

Very good points. I did some clarifications in a private conversation, the = new rule is making the moving checkpoint valid only if the difference in bl= ocks between the main chain and the new fork is smaller than X blocks, like= for example 3 days of blocks, so after a long network split everyone can finally follow the longest chain:<= /div>

With the current protocol the fix to a network split is simple, the longest= chain win. But with the moving checkpoint I'm proposing we have a problem = if both chains began to differ more than N blocks ago, the forks are perman= ent. So we need an additional rule to ignore the moving checkpoint, a limit of X blocks:

If a node sees a fork longer than his main chain, and the fork has at = least X blocks more than the main chain, then the node ignore the moving ch= eckpoint rule, and it follows the fork, the longest chain.

So as an example, the moving checkpoint could be 24 hours of blocks, a= nd the limit of X blocks, the blocks of 3 days.

So we have 2 possible situations to consider:

- 51% attack:  the blocks older than 24 hours are protected again= st a history rewrite during at least 3 days, in that time developers could = release an emergency release with another mining algorithm to stop the atta= ck.

- Network split: if the network split is older than N blocks, we have= 2 permanent forks (or chains), but in 3 days (or more) the blockchain heig= hts will differ in more than X blocks (the blocks of 3 days) because there = will be more miners in one chain than in the other so finally the loser chain will be abandoned and everyon= e will follow the longest chain.

It could be even more conservative, like 48 hours for the moving checkpoint= and a block limit of 7 days of blocks.

Regards,



From: Ethan Heilman <e= th3rs@gmail.com>
Sent: Friday, August 2, 2019 14:19
To: Kenshiro [] <tensiam@hotmail.com>; Bitcoin Dev <bitcoin= -dev@lists.linuxfoundation.org>
Cc: Alistair Mann <al@pectw.net>
Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin pr= otocol
 
Attack 1:
I partition (i.e. eclipse) a bunch of nodes from the network this partition= contains no mining power . I then mine 145 blocks for this partition. I do= n't even need 51% of the mining power because I'm not competing with any ot= her miners. Under this rule this partition will hardfork from the network permanently. Under current rules = this partition will be able to rejoin the network as the least weight chain= will be orphaned.

Attack 2:
I pre-mine 145 blocks. A node goes offline for 24 hours, when it rejoins I = feed it 145 blocks which fork off from the consensus chain. I have 24+2= 4 hours to mine these 145 blocks so I should be able to do this with 25% of= the current hash rate at the time the node went offline. Under your rule each of these offline-->online nodes= I attack this way will hardfork themselves from the rest of the network.
I believe a moving-checkpoint rule as describe above would make Bitcoin mor= e vulnerable to 51% attacks.

A safer rule would be if a node detects a fork with both sides of the split= having  length > 144 blocks, it halts and requests user interventi= on to determine which chain to follow.  I don't think 144 blocks is a = great number to use here as 24 hours is very short. I suspect you could improve the security of the rule by making the = number of blocks a fork most reach to halt the network proportional to the = difference in time between the timestamp in the block prior to the fork and= the current time. I am **NOT** proposing Bitcoin adopt such a rule.

NXT has a fundamentally different security model as it uses Proof-of-stake = rather than Proof-of-Work.

On Wed, Jul 31, 2019 at 2:37 PM K= enshiro [] via bitcoin-dev <bitcoin-dev@lists.linuxfo= undation.org> wrote:
P.S.: To be clearer, in this example I set an N value of 144 blocks, which = is approximately 24 hours.

From: Kenshiro [] <tensiam@hotmail.com>
Sent: Wednesday, July 31, 2019 16:40
To: Alistair Mann <al@pectw.net>; Bitcoin Protocol Discussion &l= t;bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin pr= otocol
 
>>> How would a (potentially, state-sponsored) netsplit= lasting longer than N be
handled?  

It would be detected by the community much before reaching the reorg = limit of N blocks (it's 24 hours) so nodes could stop until the netsplit is= fixed. 

In the extreme case no one notice the network split during more than = N blocks (24 hours) and there are 2 permanent forks longer than N, n= odes from one branch could delete their local history so they would join th= e other branch.

Regards,


From: Alistair Mann <al@pectw.net>
Sent: Wednesday, July 31, 2019 15:59
To: Kenshiro [] <tensiam@hotmail.com>; Bitcoin Protocol D= iscussion <bitcoin-dev@lists.linuxfoundation.org&= gt;
Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin pr= otocol
 
On Wednesday 31 Jul 2019 12:28:58 Kenshiro [] via bitcoin-dev wrote:
> I would like to propose that a "moving checkpoint" is added = to the Bitcoin
> protocol. It's a very simple rule already implemented in NXT coin:
>
> - A node will ignore any new block under nodeBlockHeight - N, so the > blockchain becomes truly immutable after N blocks, even during a 51% a= ttack
> which thanks to the moving checkpoint can't rewrite history older than= the
> last N blocks.

How would a (potentially, state-sponsored) netsplit lasting longer than N b= e
handled? 
--
Alistair Mann

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundati= on.org/mailman/listinfo/bitcoin-dev
--_000_PS2P216MB0179F9419B116F333EBF10799DD80PS2P216MB0179KORP_--