Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VdQTS-0003K9-T9 for bitcoin-development@lists.sourceforge.net; Mon, 04 Nov 2013 20:10:10 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.219.44 as permitted sender) client-ip=209.85.219.44; envelope-from=mh.in.england@gmail.com; helo=mail-oa0-f44.google.com; Received: from mail-oa0-f44.google.com ([209.85.219.44]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VdQTR-00047q-HT for bitcoin-development@lists.sourceforge.net; Mon, 04 Nov 2013 20:10:10 +0000 Received: by mail-oa0-f44.google.com with SMTP id l20so7742187oag.31 for ; Mon, 04 Nov 2013 12:10:04 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.60.50.168 with SMTP id d8mr57932oeo.77.1383595804123; Mon, 04 Nov 2013 12:10:04 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.76.156.42 with HTTP; Mon, 4 Nov 2013 12:10:04 -0800 (PST) In-Reply-To: <5277FB21.3050306@monetize.io> References: <20131104115314.GA1013@savin> <20131104181649.GA3847@petertodd.org> <5277FB21.3050306@monetize.io> Date: Mon, 4 Nov 2013 21:10:04 +0100 X-Google-Sender-Auth: PlccMg81o68fH7oT8HjYVK4allM Message-ID: From: Mike Hearn To: Mark Friedenbach Content-Type: multipart/alternative; boundary=001a11c30bf06aed0804ea5f8024 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: doubleclick.net] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1VdQTR-00047q-HT Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Committing to extra block data/a better merge-mine standard X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Nov 2013 20:10:11 -0000 --001a11c30bf06aed0804ea5f8024 Content-Type: text/plain; charset=UTF-8 Yes, sure. I was talking about the case of transiently relayed data, like IP addresses. On Mon, Nov 4, 2013 at 8:53 PM, Mark Friedenbach wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11/4/13 11:38 AM, Mike Hearn wrote: > > The Merkle branch doesn't get stored indefinitely though, whereas > > the coinbase hash does. The data stored in the coinbase [output] > > can always just be the 256-bit root hash truncated to less. > > > > I doubt the additional bytes make much difference really, so the > > additional complexity may not be worth it. But it wouldn't be an > > issue to do. > > The bits make a difference if you are merged mining. You can use the > birthday attack to construct two data trees whose hash match the > (truncated) value, each containing separate aux block headers. This > allows you to double-count the bitcoin PoW for more than one aux block > on the same chain, potentially facilitating aux chain attacks. > > If you want 128 bits of security for merged mined aux chains, you need > 256 bits of hash in the coinbase. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.19 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJSd/shAAoJEAdzVfsmodw48a0P/RaCOctBDvhU0THnsUw6nRBm > A8oH3Kpio4ZltU4oIT0tznZbUOG2j2xVrmATqXDYOZQ6FuGihjmkKJ9jHgl57pb5 > 0qDdCBiEuWtLIh2+Awrb3Y0s8czyCQP9/1CJyzdEFmI8rSwCaqJMa6B2Ny6Xz6+8 > eiK45YdXCPgdTAb56FKOi9WzOe0g1aOO5KiUOci22xRkXvh4qPYrt2F0LIgjZTdC > koyXU6dcKON9H8Cecu+ag7jJ5A9ZDj7oIq5rflEyolh2V4ie0tGQ50rFGg/ii6iQ > Tz9AWwigsHEkuinBTuN5041Xb8nAgHLvA60RQ41lWUHJxfAvDE+wN6NqgHmMVaRo > NHqlZcCuEl1jn7HW81XQTpgarrXHk1G7b2vK10pB/lUxUNIstZvCSjcp8QdtmC9v > tIhC2czSnsQaE6kIBuHxDNZxOlZ8DxBYCAgXSkycwznwzGhFPP0xB1lV9HfaP5+i > aikmx5SQmqBXQQKsxmIacoykrfu5x+O2TB/bq8JhJ1ak2jG9LVFyQqjorABVAgA7 > pLEN6EomWht5qstaLVfHYpNsLMf6WA7UzRG08HKItUeDPtG7bDx8vBx5TvIUjT44 > A0i09bOt8ZIgp+lJ8lFLWiPLChViAoy7fqKy2vrdsZerOF3l4LUQeQO/xnfZc+dG > AEG+7iCBOMxJSVoJ5bP6 > =nydG > -----END PGP SIGNATURE----- > > > ------------------------------------------------------------------------------ > Android is increasing in popularity, but the open development platform that > developers love is also attractive to malware creators. Download this white > paper to learn more about secure code signing practices that can help keep > Android apps secure. > http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --001a11c30bf06aed0804ea5f8024 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Yes, sure. I was talking about the case of transiently rel= ayed data, like IP addresses.


On Mon, Nov 4, 2013 at 8:53 PM, Mark Friedenbach <mar= k@monetize.io> wrote:
-----BEGIN PGP SIGNED MESS= AGE-----
Hash: SHA1

On 11/4/13 11:38 AM, Mike Hearn wrote:
> The Merkle branch doesn't get stored indefinitely though, whereas<= br> > the coinbase hash does. The data stored in the coinbase [output]
> can always just be the 256-bit root hash truncated to less.
>
> I doubt the additional bytes make much difference really, so the
> additional complexity may not be worth it. But it wouldn't be an > issue to do.

The bits make a difference if you are merged mining. You can use the<= br> birthday attack to construct two data trees whose hash match the
(truncated) value, each containing separate aux block headers. This
allows you to double-count the bitcoin PoW for more than one aux block
on the same chain, potentially facilitating aux chain attacks.

If you want 128 bits of security for merged mined aux chains, you need
256 bits of hash in the coinbase.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http:= //gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSd/shAAoJEAdzVfsmodw48a0P/RaCOctBDvhU0THnsUw6nRBm
A8oH3Kpio4ZltU4oIT0tznZbUOG2j2xVrmATqXDYOZQ6FuGihjmkKJ9jHgl57pb5
0qDdCBiEuWtLIh2+Awrb3Y0s8czyCQP9/1CJyzdEFmI8rSwCaqJMa6B2Ny6Xz6+8
eiK45YdXCPgdTAb56FKOi9WzOe0g1aOO5KiUOci22xRkXvh4qPYrt2F0LIgjZTdC
koyXU6dcKON9H8Cecu+ag7jJ5A9ZDj7oIq5rflEyolh2V4ie0tGQ50rFGg/ii6iQ
Tz9AWwigsHEkuinBTuN5041Xb8nAgHLvA60RQ41lWUHJxfAvDE+wN6NqgHmMVaRo
NHqlZcCuEl1jn7HW81XQTpgarrXHk1G7b2vK10pB/lUxUNIstZvCSjcp8QdtmC9v
tIhC2czSnsQaE6kIBuHxDNZxOlZ8DxBYCAgXSkycwznwzGhFPP0xB1lV9HfaP5+i
aikmx5SQmqBXQQKsxmIacoykrfu5x+O2TB/bq8JhJ1ak2jG9LVFyQqjorABVAgA7
pLEN6EomWht5qstaLVfHYpNsLMf6WA7UzRG08HKItUeDPtG7bDx8vBx5TvIUjT44
A0i09bOt8ZIgp+lJ8lFLWiPLChViAoy7fqKy2vrdsZerOF3l4LUQeQO/xnfZc+dG
AEG+7iCBOMxJSVoJ5bP6
=3DnydG
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------= ---
Android is increasing in popularity, but the open development platform that=
developers love is also attractive to malware creators. Download this white=
paper to learn more about secure code signing practices that can help keep<= br> Android apps secure.
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D65839951&iu=3D/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--001a11c30bf06aed0804ea5f8024--