1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
|
Return-Path: <contact@taoeffect.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 6B20FB5A
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 6 Jun 2017 23:27:37 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from homiemail-a38.g.dreamhost.com (homie.mail.dreamhost.com
[208.97.132.208])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D256518F
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 6 Jun 2017 23:27:36 +0000 (UTC)
Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1])
by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id 96C1810AFB5;
Tue, 6 Jun 2017 16:27:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h=
content-type:mime-version:subject:from:in-reply-to:date:cc
:message-id:references:to; s=taoeffect.com; bh=GqRKDp3SXdITeCJ/B
3gU+tggwI0=; b=SHz/JVyHA57ZtHTVTy8gwf5Ne/tZCQxrpDNMKAPFBb0E40M2x
jhQ6z02ufd8mH7ONr9dNXAD+dF7eDwyw/YhWE3RHPN+0b4QKtuRZ2Mrvj+SVeKLm
4CNx6K15JiflLDmJpywRaViNjZgcqHyhS8+gh3XYVkEjcdQIhVBzhXqpMw=
Received: from [192.168.42.64] (184-23-255-227.fiber.dynamic.sonic.net
[184.23.255.227])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
(Authenticated sender: contact@taoeffect.com)
by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id 3490910AFB0;
Tue, 6 Jun 2017 16:27:35 -0700 (PDT)
Content-Type: multipart/signed;
boundary="Apple-Mail=_CF850FAB-DC79-488D-A410-14268AC28F21";
protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Tao Effect <contact@taoeffect.com>
In-Reply-To: <20170606232015.GA11830@erisian.com.au>
Date: Tue, 6 Jun 2017 16:27:33 -0700
X-Mao-Original-Outgoing-Id: 518484453.534158-100fe2ecc5c47234e8b72f1760e3bdb5
Message-Id: <38DDC3A2-2727-477E-A6FF-7638842AAB03@taoeffect.com>
References: <31833011-7179-49D1-A07E-8FD9556C4534@taoeffect.com>
<20170606232015.GA11830@erisian.com.au>
To: Anthony Towns <aj@erisian.com.au>
X-Mailer: Apple Mail (2.3273)
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 06 Jun 2017 23:31:20 +0000
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 23:27:37 -0000
--Apple-Mail=_CF850FAB-DC79-488D-A410-14268AC28F21
Content-Type: multipart/alternative;
boundary="Apple-Mail=_0CD83101-2A35-4251-9FD6-8A17DA62C4EE"
--Apple-Mail=_0CD83101-2A35-4251-9FD6-8A17DA62C4EE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
> CoinJoin works as a method of both improving fungibility and mixing =
with
> coinbase transactions.
My understanding is that the two situations are quite different.
Unlike mixing to coin-split, CoinJoin doesn't create a high demand =
exclusively for coinbase transactions.
However, of the proposed methods, coin-mixing seems the better option, =
because it might be reasonably easy (I don't know) for exchanges to =
obtain 148 coinbase coins, and mix their coins with them, extending the =
coin-splitting capability beyond just miner coins and then using that to =
split incoming coins.
That seems like the most reasonable approach I've heard so far. Whether =
exchanges would be willing to do that is a separate question.
> When it's confirmed on one chain, but not on the other, you
> can then "double-spend" on the lower hashrate chain with a higher fee,
> to end up with different coins on both chains.
This method is time consuming and not guaranteed to work. CPFP can be =
used by an attacker to get your original txn into the 148 chain.
> (also, no double-n in untenable)
Why thank you aj, you're so good at spelling. :-)
Cheers,
Greg
--
Please do not email me anything that you are not comfortable also =
sharing with the NSA.
> On Jun 6, 2017, at 4:20 PM, Anthony Towns via bitcoin-dev =
<bitcoin-dev@lists.linuxfoundation.org =
<mailto:bitcoin-dev@lists.linuxfoundation.org>> wrote:
>=20
> On Tue, Jun 06, 2017 at 03:39:28PM -0700, Tao Effect via bitcoin-dev =
wrote:
>> - Mixing with 148 coinbase txns destroys fungibility.
>=20
> CoinJoin works as a method of both improving fungibility and mixing =
with
> coinbase transactions.
>=20
> You probably don't need to do anything clever to split a coin though:
> if you send a transaction with a standard fee it will get confirmed
> in a normal time on the higher hashrate chain, but won't confirm as
> quickly on the lower hashrate chain (precisely because transactions =
are
> valid on both chains, but blocks are found more slowly with the lower
> hashrate). When it's confirmed on one chain, but not on the other, you
> can then "double-spend" on the lower hashrate chain with a higher fee,
> to end up with different coins on both chains.
>=20
> (also, no double-n in untenable)
>=20
> Cheers,
> aj
>=20
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org =
<mailto:bitcoin-dev@lists.linuxfoundation.org>
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
--Apple-Mail=_0CD83101-2A35-4251-9FD6-8A17DA62C4EE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" content=3D"text/html=
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><blockquote type=3D"cite" class=3D"">CoinJoin works as a =
method of both improving fungibility and mixing with<br =
class=3D"">coinbase transactions.</blockquote><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><div class=3D"">My =
understanding is that the two situations are quite different.</div><div =
class=3D""><br class=3D""></div><div class=3D"">Unlike mixing to =
coin-split, CoinJoin doesn't create a high demand exclusively for =
coinbase transactions.</div><div class=3D""><br class=3D""></div><div =
class=3D"">However, of the proposed methods, coin-mixing seems the =
better option, because it might be reasonably easy (I don't know) for =
exchanges to obtain 148 coinbase coins, and mix their coins with them, =
extending the coin-splitting capability beyond just miner coins and then =
using that to split incoming coins.</div><div class=3D""><br =
class=3D""></div><div class=3D"">That seems like the most reasonable =
approach I've heard so far. Whether exchanges would be willing to do =
that is a separate question.</div><div class=3D""><br =
class=3D""></div><div class=3D""><blockquote type=3D"cite" class=3D"">When=
it's confirmed on one chain, but not on the other, you<br class=3D"">can =
then "double-spend" on the lower hashrate chain with a higher fee,<br =
class=3D"">to end up with different coins on both =
chains.</blockquote><br class=3D""></div><div class=3D"">This method is =
time consuming and not guaranteed to work. CPFP can be used by an =
attacker to get your original txn into the 148 chain.</div><div =
class=3D""><br class=3D""></div><div class=3D""><blockquote type=3D"cite" =
class=3D"">(also, no double-n in untenable)</blockquote><br =
class=3D""></div><div class=3D"">Why thank you aj, you're so good at =
spelling. :-)</div><div class=3D""><br class=3D""></div><div =
class=3D"">Cheers,</div><div class=3D"">Greg</div><div class=3D"">
<span style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
14px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; font-variant-ligatures: normal; =
font-variant-position: normal; font-variant-numeric: normal; =
font-variant-alternates: normal; font-variant-east-asian: normal; =
line-height: normal; orphans: 2; widows: 2;" class=3D""><br =
class=3D"Apple-interchange-newline">--</span><br style=3D"color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""><span style=3D"color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D"">Please do not email me anything that you are not =
comfortable also sharing</span><span style=3D"color: rgb(0, 0, 0); =
font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""> with the NSA.</span>
</div>
<br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Jun 6, 2017, at 4:20 PM, Anthony Towns via bitcoin-dev =
<<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" =
class=3D"">bitcoin-dev@lists.linuxfoundation.org</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><div class=3D"">On =
Tue, Jun 06, 2017 at 03:39:28PM -0700, Tao Effect via bitcoin-dev =
wrote:<br class=3D""><blockquote type=3D"cite" class=3D"">- Mixing with =
148 coinbase txns destroys fungibility.<br class=3D""></blockquote><br =
class=3D"">CoinJoin works as a method of both improving fungibility and =
mixing with<br class=3D"">coinbase transactions.<br class=3D""><br =
class=3D"">You probably don't need to do anything clever to split a coin =
though:<br class=3D"">if you send a transaction with a standard fee it =
will get confirmed<br class=3D"">in a normal time on the higher hashrate =
chain, but won't confirm as<br class=3D"">quickly on the lower hashrate =
chain (precisely because transactions are<br class=3D"">valid on both =
chains, but blocks are found more slowly with the lower<br =
class=3D"">hashrate). When it's confirmed on one chain, but not on the =
other, you<br class=3D"">can then "double-spend" on the lower hashrate =
chain with a higher fee,<br class=3D"">to end up with different coins on =
both chains.<br class=3D""><br class=3D"">(also, no double-n in =
untenable)<br class=3D""><br class=3D"">Cheers,<br class=3D"">aj<br =
class=3D""><br =
class=3D"">_______________________________________________<br =
class=3D"">bitcoin-dev mailing list<br class=3D""><a =
href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" =
class=3D"">bitcoin-dev@lists.linuxfoundation.org</a><br class=3D""><a =
href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
class=3D"">https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev<=
/a><br class=3D""></div></div></blockquote></div><br =
class=3D""></body></html>=
--Apple-Mail=_0CD83101-2A35-4251-9FD6-8A17DA62C4EE--
--Apple-Mail=_CF850FAB-DC79-488D-A410-14268AC28F21
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJZNzplAAoJEOxnICvpCVJHWV0QAIVJxZ17xhVy4ZcjzDSjOC7S
udAhzsoSZs0fud63+T+TSEECTlQkPYptdffuBjHHnTL1U3s+cjmdUSAYoANwl98d
mPFaUKS0Eth0DQNKp4om1hh7CAB5YIItcaXKeKbu/ZssucQlTgYpayRA9NQ9mfXl
EWfjfd7FxY6MkBcQKdvGEzR8vqIQXoIBvaeM7xRubYzdAkBikWTeLRmYybIDp6G0
kGSxwkZneuyGH0eL18ZE0E2DlkLrfLXZJV5VyHPmzbydW8H6MJ22Zts4B+Y8BUus
D6A/qSoTNyhGSHhvqz21HEQ74F2ujHuM75JVfFvmH1viDjHt0FwiYmDs/AiL7Av2
4zi7mQCofeplVm7gc+7+0Sq3th09WrtKi+zkjDDX8YNsk7dWRt7iSDl9r3c1WYhb
Hd5vEh8NpPJvSdXF1qqovKDf3OWBvuKhG7k78eoiOQ3WiQWRPLG/WyW48TVUaKSO
JWij4rK7roeH822pLeSFJshtiU6sDmqbluDqlljhNuEJ/wgy60lhYpTEliv1LXVj
rwptGHGY/4qrgBahfILlNPTG1viq5VwGkvkBPu3t2asV2WyvSowQ5eBYFUBlCQAg
j8S5p1LSAJw6QAL2kHNKXv00k2nlmBmvVAUxJvYs0ZzrZ7T7CP0dNFq9P4IWORI6
6qddPtGplB088gu07jA9
=Ao9g
-----END PGP SIGNATURE-----
--Apple-Mail=_CF850FAB-DC79-488D-A410-14268AC28F21--
|