path: root/2b/34a99dde684baac5b0084e37784aa3252e3977

Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1Uca2f-0000AZ-1E
	for bitcoin-development@lists.sourceforge.net;
	Wed, 15 May 2013 11:38:45 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.95 as permitted sender)
	client-ip=62.13.148.95; envelope-from=pete@petertodd.org;
	helo=outmail148095.authsmtp.com; 
Received: from outmail148095.authsmtp.com ([62.13.148.95])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1Uca2c-0004eH-R3 for bitcoin-development@lists.sourceforge.net;
	Wed, 15 May 2013 11:38:45 +0000
Received: from mail-c232.authsmtp.com (mail-c232.authsmtp.com [62.13.128.232])
	by punt8.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id r4FBca2f092805
	for <bitcoin-development@lists.sourceforge.net>;
	Wed, 15 May 2013 12:38:36 +0100 (BST)
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r4FBcRcK001208
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
	for <bitcoin-development@lists.sourceforge.net>;
	Wed, 15 May 2013 12:38:30 +0100 (BST)
Date: Wed, 15 May 2013 07:38:27 -0400
From: Peter Todd <pete@petertodd.org>
To: Bitcoin-Dev <bitcoin-development@lists.sourceforge.net>
Message-ID: <20130515113827.GB26020@savin>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="CdrF4e02JqNVZeln"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: f793df3b-bd53-11e2-b10b-0025903375e2
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVJwpGK10IU0Fd
	P1hXKl1LNVAaWXld WiVPGEoXDxgzCjYj NEgGOBsDNw4AXgB1
	LRkAXVBSFQZ4AB4L BRYUURk8cANYeX5u ZEFqQHFbVVt/fUFi
	QwAWERt0NgUzE2Af UUJYf01ReAFMMElC Y1MrAnBffDdTY3l9
	RlY+ZXU7ZG1VbXwN GFxcdQlJHhsGRChm bSwpVS8iAkQfS209
	KAZuL1cfHUAeel0o NlEoU1scMgQOCwYW E0ZQCitUYkIZSiwn
	DAVVFVAfGXVWRiFS BhwjPh5ODV4aRjBR AlBMQA0ODCVeGCRB Uyc1
X-Authentic-SMTP: 61633532353630.1019:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1Uca2c-0004eH-R3
Subject: [Bitcoin-development] 2BTC reward for making probabalistic
 double-spending via conflicting transactions easy
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2013 11:38:45 -0000


--CdrF4e02JqNVZeln
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Now that I have the replace-by-fee reward, I might as well spread the
wealth a bit.


So for all this discussion about replace-by-fee and the supposed
security of zero-conf transactions, no-one seems to think much about how
in practice very few vendors have a setup to detect if conflicting
transactions were broadcast on the network simultaneously - after all if
that is the case which transaction gets mined is up to chance, so much
of the time you'll get away with a double spend. We don't yet have a
mechanism to propagate double-spend warnings, and funny enough, in the
case of a single txin transaction the double-spend warning is also
enough information to allow miners to implement replace-by-fee.


So I'm offering 2BTC for anyone who comes up with a nice and easy to use
command line tool that lets you automagically create one version of the
transaction sending the coins to the desired recipient, and another
version sending all the coins back to you, both with the same
transaction inputs. In addition to creating the two versions, you need
to find a way to broadcast them both simultaneously to different nodes
on the network. One clever approach might be to use blockchain.info's
raw transaction POST API, and your local Bitcoin node.

If you happen to be at the conference, a cool demo would be to
demonstrate the attack against my Android wallet. I'll buy Bitcoins off
of you at Mt. Gox rates + %10, and you can see if you can rip me off.
Yes, you can keep the loot. :) This should be videotaped so we can put
an educational video on youtube after.

--=20
'peter'[:-1]@petertodd.org
00000000000000bafd0a55f013e058cc2a672ee0c66b9265a02390d80e4748f5

--CdrF4e02JqNVZeln
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBCAAGBQJRk3OzAAoJECSBQD2l8JH73jQH/0ocmPRauMEAnWWggVPTHaO5
rLRvPQRISz0Z6e50JnKoo3djn6kak/dj/p3TPYzg+0Pa/uHsSNVYe6S/l53s7Ew3
t2zjPO6ONIwISzjNCEsf66/1gWIaSMR5bNJdjEWiIz/0UkclYd3t6AQIUQKlZKBY
MOPS+G3i/hoVv1Kk4bUy8fpWIqW5bsLruHlBe7IV0H144CsWq1pqpmel6PEX9jps
IT7lCy5s+999t4qseNvnJDHmYCauqFCtFcLYhfYdpXMoxGd1Op5C7wY4CAzxBAM5
Zo+g6J6hWrzz5ziu70/pQoLElaRcc2wGP7kFl7UM5ZeQQSxuAbK1TOzBTejF5SY=
=4vYf
-----END PGP SIGNATURE-----

--CdrF4e02JqNVZeln--