Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <bgroff@lavabit.com>) id 1QoUfN-0007Pd-Iy
	for bitcoin-development@lists.sourceforge.net;
	Wed, 03 Aug 2011 06:10:53 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of lavabit.com
	designates 72.249.41.33 as permitted sender)
	client-ip=72.249.41.33; envelope-from=bgroff@lavabit.com;
	helo=karen.lavabit.com; 
Received: from karen.lavabit.com ([72.249.41.33])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1QoUfM-0002vW-Q7 for bitcoin-development@lists.sourceforge.net;
	Wed, 03 Aug 2011 06:10:53 +0000
Received: from a.earth.lavabit.com (a.earth.lavabit.com [192.168.111.10])
	by karen.lavabit.com (Postfix) with ESMTP id 271D111BCA9;
	Wed,  3 Aug 2011 01:10:47 -0500 (CDT)
Received: from lavabit.com (torserver.uvt.nl [137.56.163.46])
	by lavabit.com with ESMTP id ZWUMKCAVGBMD;
	Wed, 03 Aug 2011 01:10:47 -0500
Received: from 137.56.163.46 (SquirrelMail authenticated user bgroff)
	by lavabit.com with HTTP; Wed, 3 Aug 2011 02:10:47 -0400 (EDT)
Message-ID: <43351.137.56.163.46.1312351847.squirrel@lavabit.com>
In-Reply-To: <CAAS2fgQ-L-1K2Oi40tqnhxpnnWQHqgbd4BmqedhA3WcevYiCzg@mail.gmail.com>
References: <CAAS2fgQ-L-1K2Oi40tqnhxpnnWQHqgbd4BmqedhA3WcevYiCzg@mail.gmail.com>
Date: Wed, 3 Aug 2011 02:10:47 -0400 (EDT)
From: bgroff@lavabit.com
To: "Gregory Maxwell" <gmaxwell@gmail.com>
User-Agent: SquirrelMail/1.4.13
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.1 (--)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
X-Headers-End: 1QoUfM-0002vW-Q7
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Discussion related to pull 349 and pull
 319 (escrow transactions)
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 06:10:53 -0000

Gregory Maxwell wrote:

> Pull 349 (https://github.com/bitcoin/bitcoin/pull/349)
> implements a pretty nice implementation of multiple signature escrowed
> transactions. Especially with clearcoin gone I think that this is
> something we ought to have sooner rather than later.
>
> I've tested it on a private network and it appears to work pretty well.

Thank you!  (I think you mean 319 here)

> It probably needs more testing and discussion before it is actually
> added to the client, but one challenge is that because it requires a
> new transaction type it won't be deployable until _after_ an updated
> isStandard is widely used in the network.

With Eligius mining !IsStandard transactions and probably other pools ope=
n
to the idea, I am hopeful that we can quickly get 30%+ of mining power to
upgrade, which means that we could still mine these in a reasonable time
frame (under 1 hour).

...

> Unfortunately, the patch exposes an issue with multisig validation: If
> I understand it correctly, the problem is that due to redundancy in
>  the script length coding opcodes it's possible to code a script
> multiple ways. The signature validation code creates new template
> scripts in order to evaluate signatures for one output, and the code
> in bitcoin is not careful to code the new script the same way the
> original one was coded, causing the signature validation to fail when
> something used OP_PUSHDATA when a direct length could have been used.
>

I'm not sure I see the problem here.  CScript.operator<< currently insert=
s
values into scripts using the shortest possible sequence.  As long as cod=
e
continues to conform to this convention, scripts generated by it will
verify correctly.

If new code is written that generates one of the longer sequences, it wil=
l
generate transactions that will not pass block validation since the
signature won't verify.  So such code will be useless and we can refrain
from writing it?

--
Bobby Groff