1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
Return-Path: <user@petertodd.org>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id A8F2E17B9
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 9 Jun 2018 12:51:06 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from outmail149080.authsmtp.com (outmail149080.authsmtp.com
[62.13.149.80])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 07D6A604
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 9 Jun 2018 12:51:05 +0000 (UTC)
Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247])
by punt24.authsmtp.com. (8.15.2/8.15.2) with ESMTP id w59Cp3ig031208;
Sat, 9 Jun 2018 13:51:03 +0100 (BST)
(envelope-from user@petertodd.org)
Received: from petertodd.org (ec2-52-5-185-120.compute-1.amazonaws.com
[52.5.185.120]) (authenticated bits=0)
by mail.authsmtp.com (8.15.2/8.15.2) with ESMTPSA id w59Cp0jW046505
(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
Sat, 9 Jun 2018 13:51:01 +0100 (BST)
(envelope-from user@petertodd.org)
Received: from [127.0.0.1] (localhost [127.0.0.1])
by petertodd.org (Postfix) with ESMTPSA id 6F53A400FB;
Sat, 9 Jun 2018 12:51:00 +0000 (UTC)
Received: by localhost (Postfix, from userid 1000)
id A2ECE22043; Sat, 9 Jun 2018 08:50:58 -0400 (EDT)
Date: Sat, 9 Jun 2018 08:50:58 -0400
From: Peter Todd <pete@petertodd.org>
To: Sergio Demian Lerner <sergio.d.lerner@gmail.com>
Message-ID: <20180609125058.sk3rdoyl7li73qdo@petertodd.org>
References: <20180607171311.6qdjohfuuy3ufriv@petertodd.org>
<CAHUJnBB7UL3mH6SixP_M4yooMVP3DgZa+5hiQOmF=AiqfdpfOg@mail.gmail.com>
<20180607222028.zbva4vrv64dzrmxy@petertodd.org>
<CAHUJnBCj8wnjP1=jobfpg7jkfjkX9iSBLeeAOyQCpobh6-AhUA@mail.gmail.com>
<CAKzdR-paqYgOxToikaVD=0GMsCjHBaynX3WgB-CN6Sn7B7kRXw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="aq2kv5qp3v6gcggu"
Content-Disposition: inline
In-Reply-To: <CAKzdR-paqYgOxToikaVD=0GMsCjHBaynX3WgB-CN6Sn7B7kRXw@mail.gmail.com>
User-Agent: NeoMutt/20170113 (1.7.2)
X-Server-Quench: c3c18aaa-6be3-11e8-8791-0015176ca198
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZIVwkA IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdgsUEkAaAgsB Am4bWldeVVx7WWE7 bghPaBtcak9QXgdq
T0pMXVMcUwBhclwB XHkeVh93dwAIcXdy ZAgxXSNaVBUrJFt7
EBtXCGwHMG99YGcW UV1YdwJRcQRMLU5E Y1gxNiYHcQ5VPz4z
GA41ejw8IwAXFD5I WR0AIRoXTFwIGjN0 WwoPEH0jEFUZR209
KAZuMVcSEQ4NIg0z N1AlREkZNBlwQhVE GEZDG2dGJkUBQDc3
RQoSRkkQDHVTRj1f agAA
X-Authentic-SMTP: 61633532353630.1038:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 52.5.185.120/25
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Trusted merkle tree depth for safe tx inclusion
proofs without a soft fork
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Jun 2018 12:51:06 -0000
--aq2kv5qp3v6gcggu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sat, Jun 09, 2018 at 01:03:53PM +0200, Sergio Demian Lerner wrote:
> Hi Peter,
> We reported this as CVE-2017-12842, although it may have been known by
> developers before us.
It's been known so long ago that I incorrectly thought the attack was ok to
discuss in public; I had apparently incorrectly remembered a conversation I=
had
with Greg Maxwell over a year ago where I thought he said it was fine to
discuss because it was well known.
My apologies to anyone who thinks my post was jumping the gun by discussing
this in public; cats out of the bag now anyway.
> There are hundreds of SPV wallets out there, without even considering oth=
er
> more sensitive systems relying on SPV proofs.
> As I said we, at RSK, discovered this problem in 2017. For RSK it's very
> important this is fixed because our SPV bridge uses SPV proofs.
> I urge all people participating in this mailing list and the rest of the
> Bitcoin community to work on this issue for the security and clean-design
> of Bitcoin.
My post is arguing that we *don't* need to fix the attack, because we can m=
ake
pruned nodes invulerable to it while retaining the ability to verify merkle
path tx inclusion proofs.
As for SPV, there is no attack to fix: they can be attacked at much lower c=
ost
by simply generating fake blocks.
--=20
https://petertodd.org 'peter'[:-1]@petertodd.org
--aq2kv5qp3v6gcggu
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEFcyURjhyM68BBPYTJIFAPaXwkfsFAlsbzS8ACgkQJIFAPaXw
kfsaSQf/T3IEcE4yl4Xna/Su70C7y1jOCHK2wTLK/Zd4xwm2GwRUutmEthDwcDHp
JJNgNMd9bkBQqXPTlWlnL602nXurLfyGfwoi9GG7Kg27vfqaFtod/nD/uKlUf4I4
Gep6J4mCGu0tAT3J0wG2rmAzWetXfgYCahvc12rsnWop1/kRDGuzmWHQPR6C0Nwx
DoIESSNArAJedP+ACdQ5vLhgYKjlPzilVD9sql8egxKolE7Mx4E2XuqZVdCaHPfi
+smO/lS82umXzoCXQcaoz3JfBVG45Tsl4+Czt//Wmn+d47B/h7k7M9KZMKycRGCf
V7dkzOlRlGkEypNarMY0T2d56Xq18Q==
=SFsE
-----END PGP SIGNATURE-----
--aq2kv5qp3v6gcggu--
|