Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A8F2E17B9 for ; Sat, 9 Jun 2018 12:51:06 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from outmail149080.authsmtp.com (outmail149080.authsmtp.com [62.13.149.80]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 07D6A604 for ; Sat, 9 Jun 2018 12:51:05 +0000 (UTC) Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247]) by punt24.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w59Cp3ig031208; Sat, 9 Jun 2018 13:51:03 +0100 (BST) (envelope-from user@petertodd.org) Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com [52.5.185.120]) (authenticated bits=0) by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w59Cp0jW046505 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 9 Jun 2018 13:51:01 +0100 (BST) (envelope-from user@petertodd.org) Received: from [127.0.0.1] (localhost [127.0.0.1]) by petertodd.org (Postfix) with ESMTPSA id 6F53A400FB; Sat, 9 Jun 2018 12:51:00 +0000 (UTC) Received: by localhost (Postfix, from userid 1000) id A2ECE22043; Sat, 9 Jun 2018 08:50:58 -0400 (EDT) Date: Sat, 9 Jun 2018 08:50:58 -0400 From: Peter Todd To: Sergio Demian Lerner Message-ID: <20180609125058.sk3rdoyl7li73qdo@petertodd.org> References: <20180607171311.6qdjohfuuy3ufriv@petertodd.org> <20180607222028.zbva4vrv64dzrmxy@petertodd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="aq2kv5qp3v6gcggu" Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) X-Server-Quench: c3c18aaa-6be3-11e8-8791-0015176ca198 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZIVwkA IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdgsUEkAaAgsB Am4bWldeVVx7WWE7 bghPaBtcak9QXgdq T0pMXVMcUwBhclwB XHkeVh93dwAIcXdy ZAgxXSNaVBUrJFt7 EBtXCGwHMG99YGcW UV1YdwJRcQRMLU5E Y1gxNiYHcQ5VPz4z GA41ejw8IwAXFD5I WR0AIRoXTFwIGjN0 WwoPEH0jEFUZR209 KAZuMVcSEQ4NIg0z N1AlREkZNBlwQhVE GEZDG2dGJkUBQDc3 RQoSRkkQDHVTRj1f agAA X-Authentic-SMTP: 61633532353630.1038:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 52.5.185.120/25 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: bitcoin-dev Subject: Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion proofs without a soft fork X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2018 12:51:06 -0000 --aq2kv5qp3v6gcggu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jun 09, 2018 at 01:03:53PM +0200, Sergio Demian Lerner wrote: > Hi Peter, > We reported this as CVE-2017-12842, although it may have been known by > developers before us. It's been known so long ago that I incorrectly thought the attack was ok to discuss in public; I had apparently incorrectly remembered a conversation I= had with Greg Maxwell over a year ago where I thought he said it was fine to discuss because it was well known. My apologies to anyone who thinks my post was jumping the gun by discussing this in public; cats out of the bag now anyway. > There are hundreds of SPV wallets out there, without even considering oth= er > more sensitive systems relying on SPV proofs. > As I said we, at RSK, discovered this problem in 2017. For RSK it's very > important this is fixed because our SPV bridge uses SPV proofs. > I urge all people participating in this mailing list and the rest of the > Bitcoin community to work on this issue for the security and clean-design > of Bitcoin. My post is arguing that we *don't* need to fix the attack, because we can m= ake pruned nodes invulerable to it while retaining the ability to verify merkle path tx inclusion proofs. As for SPV, there is no attack to fix: they can be attacked at much lower c= ost by simply generating fake blocks. --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --aq2kv5qp3v6gcggu Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEFcyURjhyM68BBPYTJIFAPaXwkfsFAlsbzS8ACgkQJIFAPaXw kfsaSQf/T3IEcE4yl4Xna/Su70C7y1jOCHK2wTLK/Zd4xwm2GwRUutmEthDwcDHp JJNgNMd9bkBQqXPTlWlnL602nXurLfyGfwoi9GG7Kg27vfqaFtod/nD/uKlUf4I4 Gep6J4mCGu0tAT3J0wG2rmAzWetXfgYCahvc12rsnWop1/kRDGuzmWHQPR6C0Nwx DoIESSNArAJedP+ACdQ5vLhgYKjlPzilVD9sql8egxKolE7Mx4E2XuqZVdCaHPfi +smO/lS82umXzoCXQcaoz3JfBVG45Tsl4+Czt//Wmn+d47B/h7k7M9KZMKycRGCf V7dkzOlRlGkEypNarMY0T2d56Xq18Q== =SFsE -----END PGP SIGNATURE----- --aq2kv5qp3v6gcggu--