MIME-Version: 1.0
In-Reply-To: <A182F080-F154-4F05-B2F1-21B90E469267@xbt.hk>
References: <A182F080-F154-4F05-B2F1-21B90E469267@xbt.hk>
From: Natanael <natanael.l@gmail.com>
Date: Wed, 25 Jan 2017 02:22:44 +0100
Message-ID: <CAAt2M1_=8jDWuyO5_n8aXXDVYypvGQ2uL6zkJNn1ZnQOaXM6nQ@mail.gmail.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>,
	Johnson Lau <jl2012@xbt.hk>
Content-Type: multipart/alternative; boundary=94eb2c084140de94860546e111be
Subject: Re: [bitcoin-dev] Anti-transaction replay in a hardfork
Precedence: list

--94eb2c084140de94860546e111be
Content-Type: text/plain; charset=UTF-8

Den 24 jan. 2017 15:33 skrev "Johnson Lau via bitcoin-dev" <
bitcoin-dev@lists.linuxfoundation.org>:


B. For transactions created before this proposal is made, they are not
protected from anti-replay. The new fork has to accept these transactions,
as there is no guarantee that the existing fork would survive nor maintain
any value. People made time-locked transactions in anticipation that they
would be accepted later. In order to maximise the value of such
transactions, the only way is to make them accepted by any potential
hardforks.


This can be fixed.

Make old-format transactions valid *only when paired with a fork-only
follow-up transaction* which is spending at least one (or all) of the
outputs of the old-format transaction.

(Yes, I know this introduces new statefulness into the block validation
logic. Unfortunately it is necessary for maximal fork safety. It can be
disabled at a later time if ever deemed no longer necessary.)

Meanwhile, the old network SHOULD soft-fork in an identical rule with a
follow-up transaction format incompatible with the fork.

This means that old transactions can not be replayed across forks/networks,
because they're not valid when stand-alone. It also means that all wallet
clients either needs to be updated OR paired with software that intercepts
generated transactions, and automatically generates the correct follow-up
transaction for it (old network only).

The rules should be that old-format transactions can't reference new-format
transactions, even if only a softfork change differ between the formats.
This prevents an unnecessary amount of transactions pairs generated by old
wallets. Thus they can spend old outputs, but not spend new ones.

--94eb2c084140de94860546e111be
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div data-smartmail=3D"gmail_signature" dir=3D"auto"><br>=
</div><div class=3D"gmail_extra" dir=3D"auto"><br><div class=3D"gmail_quote=
">Den 24 jan. 2017 15:33 skrev &quot;Johnson Lau via bitcoin-dev&quot; &lt;=
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
linuxfoundation.org</a>&gt;:<br type=3D"attribution"><blockquote class=3D"q=
uote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e=
x"><div style=3D"word-wrap:break-word"><div><br></div><div><br></div><div>B=
. For transactions created before this proposal is made, they are not prote=
cted from anti-replay. The new fork has to accept these transactions, as th=
ere is no guarantee that the existing fork would survive nor maintain any v=
alue. People made time-locked transactions in anticipation that they would =
be accepted later. In order to maximise the value of such transactions, the=
 only way is to make them accepted by any potential hardforks.</div><div></=
div></div></blockquote></div></div><div dir=3D"auto"><br></div><div dir=3D"=
auto">This can be fixed.=C2=A0</div><div dir=3D"auto"><br></div><div dir=3D=
"auto">Make old-format transactions valid *only when paired with a fork-onl=
y follow-up transaction* which is spending at least one (or all) of the out=
puts of the old-format transaction.=C2=A0</div><div dir=3D"auto"><br></div>=
<div dir=3D"auto">(Yes, I know this introduces new statefulness into the bl=
ock validation logic. Unfortunately it is necessary for maximal fork safety=
. It can be disabled at a later time if ever deemed no longer necessary.)</=
div><div dir=3D"auto"><br></div><div dir=3D"auto">Meanwhile, the old networ=
k SHOULD soft-fork in an identical rule with a follow-up transaction format=
 incompatible with the fork.=C2=A0</div><div dir=3D"auto"><br></div><div di=
r=3D"auto">This means that old transactions can not be replayed across fork=
s/networks, because they&#39;re not valid when stand-alone. It also means t=
hat all wallet clients either needs to be updated OR paired with software t=
hat intercepts generated transactions, and automatically generates the corr=
ect follow-up transaction for it (old network only).=C2=A0</div><div dir=3D=
"auto"><br></div><div dir=3D"auto">The rules should be that old-format tran=
sactions can&#39;t reference new-format transactions, even if only a softfo=
rk change differ between the formats. This prevents an unnecessary amount o=
f transactions pairs generated by old wallets. Thus they can spend old outp=
uts, but not spend new ones.=C2=A0</div><div dir=3D"auto"><br></div><div di=
r=3D"auto"><br></div></div>

--94eb2c084140de94860546e111be--