summaryrefslogtreecommitdiff
path: root/da/fe4dd53ce1f079262df51d1a1a313f6947fb33
blob: f5f42be15fd51e66dd48e1f553b24c367beea77d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
Return-Path: <contact@taoeffect.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 5402093E
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  6 Jun 2017 22:39:30 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from homiemail-a38.g.dreamhost.com (homie.mail.dreamhost.com
	[208.97.132.208])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 904F915F
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  6 Jun 2017 22:39:29 +0000 (UTC)
Received: from homiemail-a38.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a38.g.dreamhost.com (Postfix) with ESMTP id 12E6D10AFBD
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  6 Jun 2017 15:39:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=taoeffect.com; h=from
	:content-type:mime-version:subject:message-id:date:to; s=
	taoeffect.com; bh=H4U9pMg2zgXM7zP6kzTAxwaNhrQ=; b=St2LFZXl5IyS/V
	3+XhVq4z+Ku9LWpz9JhsDenPmlThL9acbO4xjNMoKkAuCsrWFhsuQsygH4cn2/TC
	riVROIxsXwLmWMYnXfCKdo1qfSY/cSCFPgKRs+XfxJ7LJkbYwEJFWDzgUdpeRvhO
	NGnl5/DRgRV6wpwGnAlUs80sw5Etg=
Received: from [192.168.42.64] (184-23-255-227.fiber.dynamic.sonic.net
	[184.23.255.227])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: contact@taoeffect.com)
	by homiemail-a38.g.dreamhost.com (Postfix) with ESMTPSA id EB2CF10AFB0
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue,  6 Jun 2017 15:39:28 -0700 (PDT)
From: Tao Effect <contact@taoeffect.com>
Content-Type: multipart/signed;
	boundary="Apple-Mail=_18904166-6865-4812-ADAC-2AA8A3C86F3A";
	protocol="application/pgp-signature"; micalg=pgp-sha512
X-Mao-Original-Outgoing-Id: 518481568.273181-4d665d410cc8ff134ddf24667c0a41b6
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <31833011-7179-49D1-A07E-8FD9556C4534@taoeffect.com>
Date: Tue, 6 Jun 2017 15:39:28 -0700
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
X-Mailer: Apple Mail (2.3273)
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 06 Jun 2017 22:45:02 +0000
Subject: [bitcoin-dev] Replay attacks make BIP148 and BIP149 untennable
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 22:39:30 -0000


--Apple-Mail=_18904166-6865-4812-ADAC-2AA8A3C86F3A
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_BD4A37B1-E1FD-474F-956F-BEB549195C3F"


--Apple-Mail=_BD4A37B1-E1FD-474F-956F-BEB549195C3F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

This is just me putting in my formal objection to BIP148 and BIP149 =
based on my experience with the ETH/ETC hard fork and involvement in =
that drama.

First, it's important to note that ETC/ETH HF is a very different =
situation from BIP148 and all other soft-forks. To those on this mailing =
list, the reasons should be self-evident (one results in two =
incompatible chains, the other doesn't).

However, replay attacks are common to both possibilities (i.e. when =
BIP148 has <51% hash power).

I believe the severity of replay attacks is going unvoiced and is not =
understood within the bitcoin community because of their lack of =
experience with them.

I further believe that replay attacks are the #1 issue with BIP148, =
BIP149, etc., superseding wipeout attacks in severity.

These are not baseless beliefs, they're born out of experience and I =
think anyone will reach the same conclusion upon study.

In a nutshell, replay attacks mean that all talk of there being =
potentially "two coins" as a result of BIP148 is basically nonsense.

Replay attacks effectively eliminate that possibility.

When users go to "sell their legacy coins", they've just sold their 148 =
coins, and vice versa.

Both of the coin-splitting techniques given so far by the proponents =
BIP148 are also untenable:

- Double-spending to self with nLockTime txns is insanely complicated, =
risky, not guaranteed to work, extremely time consuming, and would =
likely result in a massive increase in backlogged transactions and =
increased fees.

- Mixing with 148 coinbase txns destroys fungibility.

Without a coin, there is no real threat from BIP148. Without that =
threat, there is no point to BIP148, and the miners know this.

These and other concerns are outlined and explained in more detail in =
this conversation I had yesterday with John Light:

https://www.youtube.com/watch?v=3D33rL3-p8cPw =
<https://www.youtube.com/watch?v=3D33rL3-p8cPw>

Cheers,
Greg Slepak

--
Please do not email me anything that you are not comfortable also =
sharing with the NSA.


--Apple-Mail=_BD4A37B1-E1FD-474F-956F-BEB549195C3F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" content=3D"text/html=
 charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii" class=3D""><meta http-equiv=3D"Content-Type" =
content=3D"text/html charset=3Dus-ascii" class=3D""><div =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space;" class=3D"">This is just me =
putting in my formal objection to BIP148 and BIP149 based on my =
experience with the ETH/ETC hard fork and involvement in that drama.<div =
class=3D""><br class=3D""></div><div class=3D"">First, it's important to =
note that ETC/ETH HF is a very different situation from BIP148 and all =
other soft-forks. To those on this mailing list, the reasons should be =
self-evident (one results in two incompatible chains, the other =
doesn't).</div><div class=3D""><br class=3D""></div><div =
class=3D"">However, replay attacks are common to both possibilities =
(i.e. when BIP148 has &lt;51% hash power).</div><div class=3D""><br =
class=3D""></div><div class=3D"">I believe the severity of replay =
attacks is going unvoiced and is not understood within the bitcoin =
community because of their lack of experience with them.</div><div =
class=3D""><br class=3D""></div><div class=3D"">I further believe that =
replay attacks are the #1 issue with BIP148, BIP149, etc., superseding =
wipeout attacks in severity.</div><div class=3D""><br =
class=3D""></div><div class=3D"">These are not baseless beliefs, they're =
born out of experience and I think anyone will reach the same conclusion =
upon study.</div><div class=3D""><br class=3D""></div><div class=3D"">In =
a nutshell, replay attacks mean that all talk of there being potentially =
"two coins" as a result of BIP148 is basically nonsense.</div><div =
class=3D""><br class=3D""></div><div class=3D"">Replay attacks =
effectively eliminate that possibility.</div><div class=3D""><br =
class=3D""></div><div class=3D"">When users go to "sell their legacy =
coins", they've just sold their 148 coins, and vice versa.</div><div =
class=3D""><br class=3D""></div><div class=3D"">Both of the =
coin-splitting techniques given so far by the proponents BIP148 are also =
untenable:</div><div class=3D""><br class=3D""></div><div class=3D"">- =
Double-spending to self with nLockTime txns is insanely complicated, =
risky, not guaranteed to work, extremely time consuming, and would =
likely result in a massive increase in backlogged transactions and =
increased fees.</div><div class=3D""><br class=3D""></div><div =
class=3D"">- Mixing with 148 coinbase txns destroys =
fungibility.</div><div class=3D""><br class=3D""></div><div =
class=3D"">Without a coin, there is no real threat from BIP148. Without =
that threat, there is no point to BIP148, and the miners know =
this.</div><div class=3D""><br class=3D""></div><div class=3D"">These =
and other concerns are outlined and explained in more detail in this =
conversation I had yesterday with John Light:</div><div class=3D""><br =
class=3D""></div><div class=3D""><a =
href=3D"https://www.youtube.com/watch?v=3D33rL3-p8cPw" =
class=3D"">https://www.youtube.com/watch?v=3D33rL3-p8cPw</a></div><div =
class=3D""><br class=3D""></div><div class=3D"">Cheers,</div><div =
class=3D"">Greg Slepak</div><div class=3D""><div class=3D"">
<span style=3D"color: rgb(0, 0, 0); font-family: Helvetica; font-size: =
14px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; font-variant-ligatures: normal; =
font-variant-position: normal; font-variant-numeric: normal; =
font-variant-alternates: normal; font-variant-east-asian: normal; =
line-height: normal; orphans: 2; widows: 2;" class=3D""><br =
class=3D"Apple-interchange-newline">--</span><br style=3D"color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D""><span style=3D"color: rgb(0, 0, 0); font-family: =
Helvetica; font-size: 14px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D"">Please do not email me anything that you are not =
comfortable also sharing</span><span style=3D"color: rgb(0, 0, 0); =
font-family: Helvetica; font-size: 14px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
font-variant-ligatures: normal; font-variant-position: normal; =
font-variant-numeric: normal; font-variant-alternates: normal; =
font-variant-east-asian: normal; line-height: normal; orphans: 2; =
widows: 2;" class=3D"">&nbsp;with the NSA.</span>
</div>

<br class=3D""></div></div></body></html>=

--Apple-Mail=_BD4A37B1-E1FD-474F-956F-BEB549195C3F--

--Apple-Mail=_18904166-6865-4812-ADAC-2AA8A3C86F3A
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZNy8gAAoJEOxnICvpCVJH8rgP/1dlob+uZotnWwrKRjjeppSx
p1gb1A00swPNGakoy+zbSvm3TA2tXRDa5wYL7h9tY5Gb+waARoVpE+SKyGNp9190
d106zS/VN8FK+DUtjlK3h1hmBHjGgSJktLW+diftS+3Mru6yl91gPyPOqHiO7BfM
1sjzca63yHd5+O9mA9ofeod4b4woviZGoZGApSY5MjCRBGnJyprOH86p2cIPvS6B
CwydYE2bxXY4soJM8bIB/S2qD7pd8SqCvRm+KN270AbQQMvCPRfvChoAHr7yLKX0
3t7OGrmq+y7wu5rlaCWE6zOPuTqyYhqeY94yAdiEYeXgjUwY3vHjBNrGNeEDIMdP
4O3kmnDU3whycwY+r+7Rz0izbDFMZs6ZU9Y4GxvSy2vAOPM1DZ8FgWdPBxXgb7Ka
rMrK4kQjYsLroSo7P/jIZqk9pWr+hzjP3pY/0q8Fz8Sc64Gg7o/kH2Y4KqFK/RX3
Ka9bjkFiOHILqpnjs5F/4xX91HCmOu4Lmwe/tEXX+pu2u6gJImO4PkgAV3/YM2jf
3VPuGWgkwg133WsKjX7o50hEkv2JDM5oQD01W0iUZPx4EAeNEV+0h13OV6SfSB1X
+H/tOCOAyg8SgaWIoTST4UnDjDgIFFbsFPRdwha58uozrl0pK8U27NOq7xxrrsQ4
Hbj8PG559oPdILpbiQot
=UhKq
-----END PGP SIGNATURE-----

--Apple-Mail=_18904166-6865-4812-ADAC-2AA8A3C86F3A--