Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 60507FFF for ; Tue, 29 Dec 2015 05:36:12 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from outmail149101.authsmtp.com (outmail149101.authsmtp.com [62.13.149.101]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id 70A8AA5 for ; Tue, 29 Dec 2015 05:36:11 +0000 (UTC) Received: from mail-c247.authsmtp.com (mail-c247.authsmtp.com [62.13.128.247]) by punt21.authsmtp.com (8.14.2/8.14.2/) with ESMTP id tBT5a9Gi014304 for ; Tue, 29 Dec 2015 05:36:09 GMT Received: from muck ([24.114.23.118]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id tBT5a0Qn045532 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Tue, 29 Dec 2015 05:36:04 GMT Date: Mon, 28 Dec 2015 21:35:59 -0800 From: Peter Todd To: Bitcoin Dev Message-ID: <20151229053559.GA8657@muck> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO" Content-Disposition: inline X-Server-Quench: 0e157fdd-adee-11e5-bcde-0015176ca198 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVJwpGK10IU0Fd P1hyKltILEZaQVBf Ri5dBBEKBAw1ADwr dVUTOktfa1U6ClZ1 UkhIR0JSEQ9rBxYB A1AcVgdzdgFYen1u ZEdqQXVTW1t7OwIP JksFFQxYZWNlbWMd HkJcdwcacFZLexgT PgRiBSdYNHgGZy9l WgU4Mz10ZW0GdX0K HAoEdANCV3kGVjU1 QVgeBzQxHEQBQzR7 IR02YkcBFUoLO1kz OhMKeX8zECQzJUVB Hl1NSCYRPFgEXy4m RRhdU1JbHjpHQkUU BxokIxFZAzpdEihF H1cNcBAADSpZTTNF aD9GUm1sZAAA X-Authentic-SMTP: 61633532353630.1038:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 24.114.23.118/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] We can trivially fix quadratic CHECKSIG with a simple soft-fork modifying just SignatureHash() X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Dec 2015 05:36:12 -0000 --2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Occured to me that this hasn't been mentioned before... We can trivially fix the quadratic CHECK(MULTI)SIG execution time issue by soft-forking in a limitation on just SignatureHash() to only return true if the tx size is <100KB. (or whatever limit makes sense) This fix has the advantage over schemes that limit all txs, or try to count sigops, of being trivial to implement, while still allowing for a future CHECKSIG2 soft-fork that properly fixes the quadratic hashing issue; >100KB txs would still be technically allowed, it's just that (for now) there'd be no way for them to spend coins that are cryptographically secured. For example, if we had an issue with a major miner exploiting slow-to-propagate blocks(1) to harm their competitors, this simple fix could be deployed as a soft-fork in a matter of days, stopping the attack quickly. 1) www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03200.= html --=20 'peter'[:-1]@petertodd.org 0000000000000000094afcbbad10aa6c82ddd8aad102020e553d50a60b6c678f --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJWghu8XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAwOTRhZmNiYmFkMTBhYTZjODJkZGQ4YWFkMTAyMDIwZTU1 M2Q1MGE2MGI2YzY3OGYvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQwIXyHOf0udxdmAf+Ku70Xx0I7gKYW8xS/pMVb6AF 5nql+JGdfOG6rcSpGirpf/VbDfFN3h0cuP9OsjpOL822XpwTZUcofaoD2/ZrvzeA r/D72oDx8pBR/esTCoqCmXoEwTV0ZyPUn0+phCHGJtek5NWtAEwkkb9rlS+TXyE+ mw4gX1wioxXxrGzmPbWiTIxSSWH1kd39WMSPz3oC7QdFh0JHVldF9r2D2lqrNI+1 QsIinH7V9Wm/xS37bjmHHi7Omgtmhf2DoV8f65IC0kAeMmFERgXKDaK1ZvuMUFtg 7kOgXqNmh5qWlUWxbXs5xNi1CNRVrnR38wEV1Bf0U90WN8SnXTYYzh2gsuCKCw== =Y3Ky -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO--