1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
Return-Path: <akaramaoun@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id B5052E2F
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 19 Dec 2015 17:46:03 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com
[209.85.213.174])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 37E18148
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 19 Dec 2015 17:46:03 +0000 (UTC)
Received: by mail-ig0-f174.google.com with SMTP id to4so12635248igc.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 19 Dec 2015 09:46:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:date:message-id:subject
:from:to:cc:content-type;
bh=/G5B9JRmC0uTHy3pRbj9d/YPDjpuWPUvGkZxaxqsJXg=;
b=ZfoIab8oQE1Nhb3eG9BAofuvILxrSQTvnMihGJDXNP8GKWZ6uEZY2FfUItQr9dGCvg
RjYROZU+I58nRrL6aN7TRZPkr9pnqJXf++p+oaDTR3I1MqCWGHzvKxOPxuC4gBXvemBb
jA3kON5dNAVX4y12UedFVvmH7cy/ictYuYaQnr08uL4YxVY9r7DD2RdHnZTe6BZ7tGO3
r/j8XsS4jui9HGfQiCCC2TN0OVhJCLtcxrpQvzAOo4elnDroO6H29BX7mie6fwnEQTsV
/uBCCY0C4OF3TKP7XUUzJAEjVBWTLzZl9lqVoDdBOYg0tCcnfyMzyZiunr/KEVfgXASw
Gy0g==
MIME-Version: 1.0
X-Received: by 10.50.79.234 with SMTP id m10mr9736973igx.57.1450547162578;
Sat, 19 Dec 2015 09:46:02 -0800 (PST)
Sender: akaramaoun@gmail.com
Received: by 10.107.140.199 with HTTP; Sat, 19 Dec 2015 09:46:02 -0800 (PST)
In-Reply-To: <E76D5BF9-41BF-4AF5-BBAC-06F4EF574EBE@toom.im>
References: <CAPg+sBjJcqeqGLHnPyWt23z3YoCRGozQupuMxy51J_-hdkKBSA@mail.gmail.com>
<E76D5BF9-41BF-4AF5-BBAC-06F4EF574EBE@toom.im>
Date: Sat, 19 Dec 2015 17:46:02 +0000
X-Google-Sender-Auth: wipFF6QWDZEeGLCnfrbPZ1F3Dx0
Message-ID: <CAL8tG=nJ=uUfAzFWwm7WUarUofXDAfJVRCQZJ8xuE7r0RtHogQ@mail.gmail.com>
From: Andrew <onelineproof@gmail.com>
To: Jonathan Toomim <j@toom.im>
Content-Type: multipart/alternative; boundary=089e0122a59c5b077d052743d44d
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Sat, 19 Dec 2015 17:46:52 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] On the security of softforks
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Dec 2015 17:46:03 -0000
--089e0122a59c5b077d052743d44d
Content-Type: text/plain; charset=UTF-8
On Fri, Dec 18, 2015 at 2:47 AM, Jonathan Toomim via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> 1) The risk of an old full node wallet accepting a transaction that is
> invalid to the new rules.
>
> The receiver wallet chooses what address/script to accept coins on.
> They'll upgrade to the new softfork rules before creating an address
> that depends on the softfork's features.
>
> So, not a problem.
>
>
> Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob runs
> the old rules. Bob creates a p2pkh address for Mallory to use. Mallory
> takes 1 BTC, and creates an invalid SegWit transaction that Bob cannot
> properly validate and that pays into one of Mallory's wallets. Mallory then
> immediately spends the unconfirmed transaction into Bob's address. Bob sees
> what appears to be a valid transaction chain which is not actually valid.
>
> What do you mean a valid transaction chain? If Bob is fully validating
(even with old software), he should see that Mallory's signature is not on
a transaction with his address.
Do you mean Mallory creates a regular transaction as well as an
Anyone-can-spend segwit transaction that results in double spending in the
same block?
Sorry not sure what I'm missing...
> Clueless Carol is one of the 4.9% of miners who forgot to upgrade her
> mining node. Carol sees that Mallory included an enormous fee in his
> transactions, so Carol makes sure to include both transactions in her
> block.
>
> Mallory gets free beer.
>
> Anything I'm missing?
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
--
PGP: B6AC 822C 451D 6304 6A28 49E9 7DB7 011C D53B 5647
--089e0122a59c5b077d052743d44d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Fri, Dec 18, 2015 at 2:47 AM, Jonathan Toomim via bitcoin-dev <span =
dir=3D"ltr"><<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" ta=
rget=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>></span> wrote:=
<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-lef=
t:1px #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-word"><spa=
n class=3D""><br><div><div>On Dec 18, 2015, at 10:30 AM, Pieter Wuille via =
bitcoin-dev <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" ta=
rget=3D"_blank">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:</div><=
br><blockquote type=3D"cite"><span style=3D"font-family:Helvetica;font-size=
:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spaci=
ng:normal;line-height:normal;text-align:start;text-indent:0px;text-transfor=
m:none;white-space:normal;word-spacing:0px;float:none;display:inline!import=
ant">1) The risk of an old full node wallet accepting a transaction that is=
</span><br style=3D"font-family:Helvetica;font-size:12px;font-style:normal;=
font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:no=
rmal;text-align:start;text-indent:0px;text-transform:none;white-space:norma=
l;word-spacing:0px"><span style=3D"font-family:Helvetica;font-size:12px;fon=
t-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal=
;line-height:normal;text-align:start;text-indent:0px;text-transform:none;wh=
ite-space:normal;word-spacing:0px;float:none;display:inline!important">inva=
lid to the new rules.</span><br style=3D"font-family:Helvetica;font-size:12=
px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:=
normal;line-height:normal;text-align:start;text-indent:0px;text-transform:n=
one;white-space:normal;word-spacing:0px"><br style=3D"font-family:Helvetica=
;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;le=
tter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;tex=
t-transform:none;white-space:normal;word-spacing:0px"><span style=3D"font-f=
amily:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-w=
eight:normal;letter-spacing:normal;line-height:normal;text-align:start;text=
-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:n=
one;display:inline!important">The receiver wallet chooses what address/scri=
pt to accept coins on.</span><br style=3D"font-family:Helvetica;font-size:1=
2px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing=
:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:=
none;white-space:normal;word-spacing:0px"><span style=3D"font-family:Helvet=
ica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal=
;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;=
text-transform:none;white-space:normal;word-spacing:0px;float:none;display:=
inline!important">They'll upgrade to the new softfork rules before crea=
ting an address</span><br style=3D"font-family:Helvetica;font-size:12px;fon=
t-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal=
;line-height:normal;text-align:start;text-indent:0px;text-transform:none;wh=
ite-space:normal;word-spacing:0px"><span style=3D"font-family:Helvetica;fon=
t-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter=
-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-tr=
ansform:none;white-space:normal;word-spacing:0px;float:none;display:inline!=
important">that depends on the softfork's features.</span><br style=3D"=
font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;=
font-weight:normal;letter-spacing:normal;line-height:normal;text-align:star=
t;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">=
<br style=3D"font-family:Helvetica;font-size:12px;font-style:normal;font-va=
riant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;te=
xt-align:start;text-indent:0px;text-transform:none;white-space:normal;word-=
spacing:0px"><span style=3D"font-family:Helvetica;font-size:12px;font-style=
:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-h=
eight:normal;text-align:start;text-indent:0px;text-transform:none;white-spa=
ce:normal;word-spacing:0px;float:none;display:inline!important">So, not a p=
roblem.</span></blockquote></div><div><br></div></span><div>Mallory wants t=
o defraud Bob with a 1 BTC payment for some beer. Bob runs the old rules. B=
ob creates a p2pkh address for Mallory to use. Mallory takes 1 BTC, and cre=
ates an invalid SegWit transaction that Bob cannot properly validate and th=
at pays into one of Mallory's wallets. Mallory then immediately spends =
the unconfirmed transaction into Bob's address. Bob sees what appears t=
o be a valid transaction chain which is not actually valid.</div><div><br><=
/div></div></blockquote><div>What do you mean a valid transaction chain? If=
Bob is fully validating (even with old software), he should see that Mallo=
ry's signature is not on a transaction with his address.<br><br></div><=
div>Do you mean Mallory creates a regular transaction as well as an Anyone-=
can-spend segwit transaction that results in double spending in the same bl=
ock?<br><br></div><div>Sorry not sure what I'm missing...<br></div><div=
>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-w=
ord"><div></div><div>Clueless Carol is one of the 4.9% of miners who forgot=
to upgrade her mining node. Carol sees that Mallory included an enormous f=
ee in his transactions, so Carol makes sure to include both transactions in=
her block.=C2=A0</div><div><br></div><div>Mallory gets free beer.</div><di=
v><br></div><div>Anything I'm missing?</div></div><br>_________________=
______________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
<br></blockquote></div><br><br clear=3D"all"><br>-- <br><div class=3D"gmail=
_signature">PGP: B6AC 822C 451D 6304 6A28 =C2=A049E9 7DB7 011C D53B 5647</d=
iv>
</div></div>
--089e0122a59c5b077d052743d44d--
|
