1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
|
Return-Path: <contact@taoeffect.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 7E72ABA2
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 7 Jun 2017 00:38:04 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from homiemail-a38.g.dreamhost.com (homie.mail.dreamhost.com
[208.97.132.208])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 8D8A8A6
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 7 Jun 2017 00:38:03 +0000 (UTC)
Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1])
by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id 098AE10AFB5;
Tue, 6 Jun 2017 17:38:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h=
content-type:mime-version:subject:from:in-reply-to:date:cc
:message-id:references:to; s=taoeffect.com; bh=7NNOabpyCViORsOFp
+1AZUyKKow=; b=fqjoTZ1onRsNtcDY5XigFtkaOD0nGNJypyG+zFpMTSUjVbuwj
wG4L2Adyp+bq4iMy9DhcA0gEu60acugNLAdZkLGunqudZ/tNmhB3B/jhuMllxQYu
zd60uLI0qG2rXwfDPiJQOLH7UXMNvIqd3aDs7ivIC9+yuSQKDulkycU8HA=
Received: from [192.168.42.64] (184-23-255-227.fiber.dynamic.sonic.net
[184.23.255.227])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
(Authenticated sender: contact@taoeffect.com)
by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id C9E6B10AFB0;
Tue, 6 Jun 2017 17:38:02 -0700 (PDT)
Content-Type: multipart/signed;
boundary="Apple-Mail=_48577BF8-3593-4284-8308-909190857EDF";
protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Tao Effect <contact@taoeffect.com>
In-Reply-To: <lY1DxlDe2AacxKRcsB8DG2WvQK5wVnJdl46pE9Np9aGyTD560eDpJEvXZTNfKxSvulsGJOv3J4lrv14plchXfZh5JyYPLCNPATRMFUdu_h8=@protonmail.com>
Date: Tue, 6 Jun 2017 17:38:02 -0700
X-Mao-Original-Outgoing-Id: 518488681.78974-af09b9b6b299e0f06306f8a59ef62ec9
Message-Id: <530153E9-1F86-4B21-A43D-72325EF1F811@taoeffect.com>
References: <31833011-7179-49D1-A07E-8FD9556C4534@taoeffect.com>
<20170606232015.GA11830@erisian.com.au>
<38DDC3A2-2727-477E-A6FF-7638842AAB03@taoeffect.com>
<w5Ywd9qPblH4-m68BQC58FfV4fNFOCPUkUIOsNOz8-0uJQLjIaG5JevhRv1x_0cqtcZvRsKYQTy-EuBTjzJL-DuSX7dsHuoMfw-68cweBOk=@protonmail.com>
<78F1D626-0D38-48FD-B2AF-378765182751@taoeffect.com>
<oSkyoMQ0QQadP3ZDrIU_Xw0sEG8lv5q3B5Kjwnu_MIkvUGmg9TrDn1myLeRhPhyPpGbAgp1QWkerbp76jjptWhh4jz3JXjVycXuXZkxodG8=@protonmail.com>
<52DF2F59-49DF-4F90-B2A6-AF903EACE6A0@taoeffect.com>
<lY1DxlDe2AacxKRcsB8DG2WvQK5wVnJdl46pE9Np9aGyTD560eDpJEvXZTNfKxSvulsGJOv3J4lrv14plchXfZh5JyYPLCNPATRMFUdu_h8=@protonmail.com>
To: Kekcoin <kekcoin@protonmail.com>
X-Mailer: Apple Mail (2.3273)
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 07 Jun 2017 12:52:53 +0000
Cc: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>, Anthony Towns <aj@erisian.com.au>
Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 00:38:04 -0000
--Apple-Mail=_48577BF8-3593-4284-8308-909190857EDF
Content-Type: multipart/alternative;
boundary="Apple-Mail=_03CBB311-6268-4F78-9AFD-974CE559FEDC"
--Apple-Mail=_03CBB311-6268-4F78-9AFD-974CE559FEDC
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
> Please read my email more carefully; the replay threat would be moot =
because there would be no alternative chain to replay the TX on,
In order to *get to that point*, you need >51%.
Not only that, but, if you started out with <51%, then you need >>51% in =
order to *catch up* and replace the large number of blocks added to the =
legacy chain in the mean time.
So, since >51% is _required_ for BIP148 to succeed (and likely >>51%)... =
you might as well do as SegWit did originally, or lower the threshold to =
80% or something (as BIP91 does).
Without replay protection at the outset, BIP148, as far as I can tell, =
isn't a threat to miners.
--
Please do not email me anything that you are not comfortable also =
sharing with the NSA.
> On Jun 6, 2017, at 5:29 PM, Kekcoin <kekcoin@protonmail.com =
<mailto:kekcoin@protonmail.com>> wrote:
>=20
> Please read my email more carefully; the replay threat would be moot =
because there would be no alternative chain to replay the TX on, as the =
non-148 chain would have been reorganized into oblivion.
>=20
>=20
> Sent with ProtonMail <https://protonmail.com/> Secure Email.
>=20
>> -------- Original Message --------
>> Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and BIP149 =
untennable
>> Local Time: June 7, 2017 3:26 AM
>> UTC Time: June 7, 2017 12:26 AM
>> From: contact@taoeffect.com <mailto:contact@taoeffect.com>
>> To: Kekcoin <kekcoin@protonmail.com <mailto:kekcoin@protonmail.com>>
>> Anthony Towns <aj@erisian.com.au <mailto:aj@erisian.com.au>>, =
bitcoin-dev@lists.linuxfoundation.org =
<mailto:bitcoin-dev@lists.linuxfoundation.org> =
<bitcoin-dev@lists.linuxfoundation.org =
<mailto:bitcoin-dev@lists.linuxfoundation.org>>
>>=20
>> I don't know what you mean by "render the replay threat moot."
>>=20
>> If you don't have replay protection, replay is always a threat. A =
very serious one.
>>=20
>> --
>> Please do not email me anything that you are not comfortable also =
sharing with the NSA.
>>=20
>>> On Jun 6, 2017, at 5:19 PM, Kekcoin <kekcoin@protonmail.com =
<mailto:kekcoin@protonmail.com>> wrote:
>>>=20
>>> Hmm, that's not the difference I was talking about. I was referring =
to the fact that using "post-chainsplit coinbases from the non-148 =
chain" to unilaterally (ie. can be done without action on the 148-chain) =
taint coins is more secure in extreme-adverserial cases such as =
secret-mining reorg attacks (as unfeasibly expensive they may be); the =
only large-scale (>100 block) reorganization the non-148 chain faces =
should be a resolution of the chainsplit and therefore render the replay =
threat moot.
>>>=20
>=20
--Apple-Mail=_03CBB311-6268-4F78-9AFD-974CE559FEDC
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" content=3D"text/html=
charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" =
content=3D"text/html charset=3Dus-ascii"><meta http-equiv=3D"Content-Type"=
content=3D"text/html charset=3Dus-ascii"></head><body style=3D"word-wrap:=
break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space;" class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D"">Please read my email more carefully; the replay threat would =
be moot because there would be no alternative chain to replay the TX =
on,</div></blockquote><div class=3D""><br class=3D""></div>In order to =
*get to that point*, you need >51%.<div class=3D""><br =
class=3D""></div><div class=3D"">Not only that, but, if you started out =
with <51%, then you need >>51% in order to *catch up* and =
replace the large number of blocks added to the legacy chain in the mean =
time.</div><div class=3D""><br class=3D""></div><div class=3D"">So, =
since >51% is _required_ for BIP148 to succeed (and likely =
>>51%)... you might as well do as SegWit did originally, or lower =
the threshold to 80% or something (as BIP91 does).</div><div =
class=3D""><br class=3D""></div><div class=3D"">Without replay =
protection at the outset, BIP148, as far as I can tell, isn't a threat =
to miners.<br class=3D""><div class=3D"">
<span style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
14px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; font-variant-ligatures: normal; =
font-variant-position: normal; font-variant-numeric: normal; =
font-variant-alternates: normal; font-variant-east-asian: normal; =
line-height: normal; orphans: 2; widows: 2;" class=3D""><br =
class=3D"Apple-interchange-newline">--</span><br style=3D"color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""><span style=3D"color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D"">Please do not email me anything that you are not =
comfortable also sharing</span><span style=3D"color: rgb(0, 0, 0); =
font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""> with the NSA.</span>
</div>
<br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Jun 6, 2017, at 5:29 PM, Kekcoin <<a =
href=3D"mailto:kekcoin@protonmail.com" =
class=3D"">kekcoin@protonmail.com</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><div class=3D"">Please=
read my email more carefully; the replay threat would be moot because =
there would be no alternative chain to replay the TX on, as the non-148 =
chain would have been reorganized into oblivion.<br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D" =
protonmail_signature_block"><div class=3D"protonmail_signature_block-user =
protonmail_signature_block-empty"><br class=3D""></div><div =
class=3D"protonmail_signature_block-proton ">Sent with <a =
href=3D"https://protonmail.com/" class=3D"">ProtonMail</a> Secure =
Email.<br class=3D""></div></div><div class=3D""><br =
class=3D""></div><blockquote class=3D"protonmail_quote" type=3D"cite"><div=
class=3D"">-------- Original Message --------<br class=3D""></div><div =
class=3D"">Subject: Re: [bitcoin-dev] Replay attacks make BIP148 and =
BIP149 untennable<br class=3D""></div><div class=3D"">Local Time: June =
7, 2017 3:26 AM<br class=3D""></div><div class=3D"">UTC Time: June 7, =
2017 12:26 AM<br class=3D""></div><div class=3D"">From: <a =
href=3D"mailto:contact@taoeffect.com" =
class=3D"">contact@taoeffect.com</a><br class=3D""></div><div =
class=3D"">To: Kekcoin <<a href=3D"mailto:kekcoin@protonmail.com" =
class=3D"">kekcoin@protonmail.com</a>><br class=3D""></div><div =
class=3D"">Anthony Towns <<a href=3D"mailto:aj@erisian.com.au" =
class=3D"">aj@erisian.com.au</a>>, <a =
href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" =
class=3D"">bitcoin-dev@lists.linuxfoundation.org</a> <<a =
href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" =
class=3D"">bitcoin-dev@lists.linuxfoundation.org</a>><br =
class=3D""></div><div class=3D""><br class=3D""></div><div class=3D"">I =
don't know what you mean by "render the replay threat moot."<br =
class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><div=
class=3D"">If you don't have replay protection, replay is always a =
threat. A very serious one.<br class=3D""></div><div class=3D""><div =
class=3D""><span class=3D"colour" style=3D""><span class=3D"font" =
style=3D"font-family:Helvetica"><span class=3D"size" =
style=3D"font-size:14px"><br =
class=3D"Apple-interchange-newline">--</span></span></span></div><div =
class=3D""><span class=3D"colour" style=3D""><span class=3D"font" =
style=3D"font-family:Helvetica"><span class=3D"size" =
style=3D"font-size:14px">Please do not email me anything that you are =
not comfortable also sharing</span></span></span><span class=3D"colour" =
style=3D""><span class=3D"font" style=3D"font-family:Helvetica"><span =
class=3D"size" style=3D"font-size:14px"> with the =
NSA.</span></span></span><br class=3D""></div></div><div class=3D""><br =
class=3D""></div><div class=3D""><blockquote class=3D"" type=3D"cite"><div=
class=3D"">On Jun 6, 2017, at 5:19 PM, Kekcoin <<a class=3D"" =
href=3D"mailto:kekcoin@protonmail.com" rel=3D"noreferrer nofollow =
noopener">kekcoin@protonmail.com</a>> wrote:<br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D""><div class=3D"">Hmm, =
that's not the difference I was talking about. I was referring to the =
fact that using "post-chainsplit coinbases from the non-148 chain" to =
unilaterally (ie. can be done without action on the 148-chain) taint =
coins is more secure in extreme-adverserial cases such as secret-mining =
reorg attacks (as unfeasibly expensive they may be); the only =
large-scale (>100 block) reorganization the non-148 chain faces =
should be a resolution of the chainsplit and therefore render the replay =
threat moot.<br class=3D""></div><div class=3D""><br =
class=3D""></div></div></blockquote></div></div></blockquote><div =
class=3D""><br class=3D""></div></div></blockquote></div><br =
class=3D""></div></body></html>=
--Apple-Mail=_03CBB311-6268-4F78-9AFD-974CE559FEDC--
--Apple-Mail=_48577BF8-3593-4284-8308-909190857EDF
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJZN0rpAAoJEOxnICvpCVJHHpkP/AtA2Jr/c2FiGgT8M6vF1ADS
3n6WZKNiQ3DpbDcM9myjfwHswXwXGzEO+Ob5tUg7dUcFg39/UlSPIjIFguAlnWoJ
ZN1x+Zfa5BVSMvbdpD07zXLml76ZYmSPZzRuol8cu6rfjgAmZx67go3aZiFXbvrW
7gb66cAmb8KFGXGtD7/N53L1D4dNIL39LxySz10QZfTNZtVKH2BzDz4E8InIePpu
9wXoIXoGl2FObdSd1qf9cKyTnU8KaUUqiNZ+MAok/FPpmVtfRWabBlFbTs7hxrNb
y0PurlwyNLQJKEChJMnUKIZIXHVmNVVL8IiB81/IroWkEk3Fg3Gm9xs2GTk9PhmW
Ki+9hp7vo1xaiUC3IOeG7+hOQNio5yrOjWS3PLJUhqo6qK/2YOClwWgwN0+z6GyJ
2ad3E7C/6PkpbkhDmeKXV2bvuJ8kNoc6O84/RS2kkRWDF3wSWmOLYH6v0+tHn4He
dnWVVuP8BO1oeJlP4j4x08nda8N0TnM8Thv2xoDO+gEviPCqp5yQLPjpJGBqRSOV
iw+eGPykk6ZYuMMCRDpWpnlQP38ytBC9PgpyWext2YGRyg53KxDtiVB+dtRYDJdy
KJnyx5ffJGoFsA1puQ1S/huK/Zv4oppimbw+m2nW6rP8XXA8Ps93I4yoPgU+XulD
yG64XxTcWT2bZon8Eu8m
=memG
-----END PGP SIGNATURE-----
--Apple-Mail=_48577BF8-3593-4284-8308-909190857EDF--
|
