Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1XBWqL-0004rw-4A
	for bitcoin-development@lists.sourceforge.net;
	Sun, 27 Jul 2014 22:23:01 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.99 as permitted sender)
	client-ip=62.13.148.99; envelope-from=pete@petertodd.org;
	helo=outmail148099.authsmtp.net; 
Received: from outmail148099.authsmtp.net ([62.13.148.99])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1XBWqI-00065f-Pn for bitcoin-development@lists.sourceforge.net;
	Sun, 27 Jul 2014 22:23:01 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
	by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s6RMMpRN089840;
	Sun, 27 Jul 2014 23:22:51 +0100 (BST)
Received: from savin (75-119-251-161.dsl.teksavvy.com [75.119.251.161])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s6RMMkp5028010
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Sun, 27 Jul 2014 23:22:49 +0100 (BST)
Date: Sun, 27 Jul 2014 18:22:52 -0400
From: Peter Todd <pete@petertodd.org>
To: Mike Hearn <mike@plan99.net>
Message-ID: <20140727222252.GC14717@savin>
References: <53D1AF6C.7010802@gmail.com>
	<CANEZrP2N6zf7RUtPzA+7-X5+UKBmrY-D_8Md+_=8nssoFNng9A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="Md/poaVZ8hnGTzuv"
Content-Disposition: inline
In-Reply-To: <CANEZrP2N6zf7RUtPzA+7-X5+UKBmrY-D_8Md+_=8nssoFNng9A@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 8af43b75-15dc-11e4-b396-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdAUUEkAYAgsB AmIbWVdeUl97XWo7 bA9PbARUfEhLXhtr
	VklWR1pVCwQmQhpj e2NFEhxydQ1GeX4+ ZE9mW3IVVBUscUUv
	RUtJFGhSNnphaTUb TRJbfgVJcANIexZF O1F6ACIKLwdSbGoL
	NQ4vNDcwO3BTJTpY RgYVKF8UXXNDIj85 SnjL
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 75.119.251.161/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no trust [62.13.148.99 listed in list.dnswl.org]
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1XBWqI-00065f-Pn
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
	Ron OHara <ron.ohara54@gmail.com>
Subject: Re: [Bitcoin-development] Time
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 27 Jul 2014 22:23:01 -0000


--Md/poaVZ8hnGTzuv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 25, 2014 at 12:30:11PM +0200, Mike Hearn wrote:
> >
> > Ok... 'time' on the blockchain could be 'gamed' ... but with great
> > difficulty.
>=20
>=20
> Unfortunately not: miners have in the past routinely gamed the timestamp =
in
> order to use it as an extra nonce and squeeze some more gigahashes out of
> their hardware/pool.

That's correct, but irrelevant for this application. The "gaming"
possible is only a few bits; gaming more bits than that either makes
blocks invalid due to being >2hr in the future, or < the median time in
the past. In addition doing the latter causes difficulty to rise.

Also see: "Re: [Bitcoin-development] 32 vs 64-bit timestamp fields" -
          Peter Todd - 08 May 2013
http://www.mail-archive.com/bitcoin-development%40lists.sourceforge.net/msg=
02144.html

> > An application presented with a fake blockchain can use
> > quite a few heuristics to test the 'validity' of the block chain.
> >
>=20
> The app cannot tell if it was given a truncated chain. You could keep such
> an app stuck in the past forever. This is often a problem.

Only if the app is trying to use the blockchain non-interactively. The
right way to use the blockchain for determining the current time is to
create a nonce, timestamp it, wait for a confirmation, and get the
merkle path to the block header. This proves the attacker has spent at
least whatever resources it took to create a block considered valid by
your application. (you'll probably want to have a fairly high
min-difficulty)

> > Reliable 'time' has been impossible up until now - because you need to
> > trust the time source, and that can always be faked.  Using the
> > blockchain as an approximate time source gives you a world wide
> > consensus without direct trust of any player.
> >
>=20
> Much though I hate to be a party pooper, you could currently get
> Bitcoin-level trusted time by just polling at least two or three
> independent servers e.g. google.com, baidu.cn, yandex.ru    (they all ser=
ve
> time via HTTPS headers).
>
> If we crack the mining decentralisation problem then this argument becomes
> a lot stronger, but for now ......

See https://github.com/ioerror/tlsdate

Reminds me: anyone know if tlsdate is able to produce timestamp proofs
verifiable by third-parties? If it could in conjunction with the
blockchain as a random beacon you could at least show dishonesty by
showing that google.com/etc. signed a HTTPS header with a time prior to
when some block was created. Right now unlike the blockchain these
independent servers can easily get away with timestamp fraud,
particularly if they manage to target your specific application. (use
Tor!)

Equally, the blockchain has the advantage that it's easy to show that
invalid blocks are being created for the purpose of creating fake
timestamps; it'd be reasonable for the P2P network to relay any block
header seen with a difficulty > some anti-DoS threshold. Gavin already
did something similar with relaying invalid blocks in pull-req #3580.
It had the flaw of making network splits worse, but in conjunction with
a separate "invalid-block" inv type I think the issue goes away.

--=20
'peter'[:-1]@petertodd.org
0000000000000000201d505432d708aa2edb656f6fe34d686b37d4747e5ff389

--Md/poaVZ8hnGTzuv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQGrBAEBCACVBQJT1Xu4XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAyMDFkNTA1NDMyZDcwOGFhMmVkYjY1NmY2ZmUzNGQ2ODZi
MzdkNDc0N2U1ZmYzODkvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfsj/wgAmhWz18fnwJmwzk2xNzxevP+N
2/NbQcah+HGvV7oq8I9l0zj/Z4WErr/oOrrbvNNWmVWnScC4Ul3Cdow9bYGAcqeW
+dhPUuSD7Jz8Uh0SPvqT3E+zWKjsW93W/Sl1PoRGFFGBKCu7nvOkuVY/21vA471P
kM+Jwj8q3feQNBH2I9PyApwiUHEu6qF4fBv8vytQrovLOHPuosjt52kSVUhbwt6h
+qqHTwKLF4Uz28OKby3Hhhu+bsSeWuWYKe8DgeISMvHf7lQKVtyC4SQ3jC0GfTNm
cfhbHAsVZvIlD+opfh0tk3FLCoREz2CfExB0r709hsYjuZ8ICCWKjMdMZb39/w==
=EDM6
-----END PGP SIGNATURE-----

--Md/poaVZ8hnGTzuv--