Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1R8bCa-0007rN-Ln for bitcoin-development@lists.sourceforge.net; Tue, 27 Sep 2011 17:12:16 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.161.47 as permitted sender) client-ip=209.85.161.47; envelope-from=gavinandresen@gmail.com; helo=mail-fx0-f47.google.com; Received: from mail-fx0-f47.google.com ([209.85.161.47]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-MD5:128) (Exim 4.76) id 1R8bCZ-0008Vv-Rj for bitcoin-development@lists.sourceforge.net; Tue, 27 Sep 2011 17:12:16 +0000 Received: by fxi1 with SMTP id 1so10388347fxi.34 for ; Tue, 27 Sep 2011 10:12:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.42.216 with SMTP id t24mr2698333fae.141.1317143529585; Tue, 27 Sep 2011 10:12:09 -0700 (PDT) Received: by 10.152.25.105 with HTTP; Tue, 27 Sep 2011 10:12:09 -0700 (PDT) Date: Tue, 27 Sep 2011 13:12:09 -0400 Message-ID: From: Gavin Andresen To: Bitcoin Dev Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gavinandresen[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 AWL AWL: From: address is in the auto white-list X-Headers-End: 1R8bCZ-0008Vv-Rj Subject: [Bitcoin-development] More denial-of-service prevention code to review X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Sep 2011 17:12:16 -0000 Pull request: https://github.com/bitcoin/bitcoin/pull/534 Denial-of-service prevention: orphan blocks The attack this prevents: Generate valid "orphan" blocks and send them to a bitcoin node. Orphan blocks are blocks that are not in the main blockchain, and before this patch the bitcoin client would store an arbitrary number of them in memory, in case they later became part of the main chain. Two checks are added: 1) Orphan blocks before the last blockchain lock-in are rejected, and if the node sends enough of those obviously-not-part-of-the-main-chain blocks it will be disconnected and banned. 2) Orphan blocks must have a plausible proof-of-work. It is impossible for a difficulty 1.0 block to follow a difficulty 1-million block (it would take at least 19 months for difficulty to drop from 1-million to 1). Orphan blocks with too-low proof-of-work are ignored, and if a node sends ten of them it is disconnected/banned. Requiring plausible proof-of-work for orphan blocks will make this attack too expensive to attempt (you would have to generate valid blocks at current difficulty). -- -- Gavin Andresen