Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XBWqL-0004rw-4A for bitcoin-development@lists.sourceforge.net; Sun, 27 Jul 2014 22:23:01 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.99 as permitted sender) client-ip=62.13.148.99; envelope-from=pete@petertodd.org; helo=outmail148099.authsmtp.net; Received: from outmail148099.authsmtp.net ([62.13.148.99]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1XBWqI-00065f-Pn for bitcoin-development@lists.sourceforge.net; Sun, 27 Jul 2014 22:23:01 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s6RMMpRN089840; Sun, 27 Jul 2014 23:22:51 +0100 (BST) Received: from savin (75-119-251-161.dsl.teksavvy.com [75.119.251.161]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s6RMMkp5028010 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Sun, 27 Jul 2014 23:22:49 +0100 (BST) Date: Sun, 27 Jul 2014 18:22:52 -0400 From: Peter Todd To: Mike Hearn Message-ID: <20140727222252.GC14717@savin> References: <53D1AF6C.7010802@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Md/poaVZ8hnGTzuv" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 8af43b75-15dc-11e4-b396-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdAUUEkAYAgsB AmIbWVdeUl97XWo7 bA9PbARUfEhLXhtr VklWR1pVCwQmQhpj e2NFEhxydQ1GeX4+ ZE9mW3IVVBUscUUv RUtJFGhSNnphaTUb TRJbfgVJcANIexZF O1F6ACIKLwdSbGoL NQ4vNDcwO3BTJTpY RgYVKF8UXXNDIj85 SnjL X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 75.119.251.161/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [62.13.148.99 listed in list.dnswl.org] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1XBWqI-00065f-Pn Cc: Bitcoin Dev , Ron OHara Subject: Re: [Bitcoin-development] Time X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jul 2014 22:23:01 -0000 --Md/poaVZ8hnGTzuv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 25, 2014 at 12:30:11PM +0200, Mike Hearn wrote: > > > > Ok... 'time' on the blockchain could be 'gamed' ... but with great > > difficulty. >=20 >=20 > Unfortunately not: miners have in the past routinely gamed the timestamp = in > order to use it as an extra nonce and squeeze some more gigahashes out of > their hardware/pool. That's correct, but irrelevant for this application. The "gaming" possible is only a few bits; gaming more bits than that either makes blocks invalid due to being >2hr in the future, or < the median time in the past. In addition doing the latter causes difficulty to rise. Also see: "Re: [Bitcoin-development] 32 vs 64-bit timestamp fields" - Peter Todd - 08 May 2013 http://www.mail-archive.com/bitcoin-development%40lists.sourceforge.net/msg= 02144.html > > An application presented with a fake blockchain can use > > quite a few heuristics to test the 'validity' of the block chain. > > >=20 > The app cannot tell if it was given a truncated chain. You could keep such > an app stuck in the past forever. This is often a problem. Only if the app is trying to use the blockchain non-interactively. The right way to use the blockchain for determining the current time is to create a nonce, timestamp it, wait for a confirmation, and get the merkle path to the block header. This proves the attacker has spent at least whatever resources it took to create a block considered valid by your application. (you'll probably want to have a fairly high min-difficulty) > > Reliable 'time' has been impossible up until now - because you need to > > trust the time source, and that can always be faked. Using the > > blockchain as an approximate time source gives you a world wide > > consensus without direct trust of any player. > > >=20 > Much though I hate to be a party pooper, you could currently get > Bitcoin-level trusted time by just polling at least two or three > independent servers e.g. google.com, baidu.cn, yandex.ru (they all ser= ve > time via HTTPS headers). > > If we crack the mining decentralisation problem then this argument becomes > a lot stronger, but for now ...... See https://github.com/ioerror/tlsdate Reminds me: anyone know if tlsdate is able to produce timestamp proofs verifiable by third-parties? If it could in conjunction with the blockchain as a random beacon you could at least show dishonesty by showing that google.com/etc. signed a HTTPS header with a time prior to when some block was created. Right now unlike the blockchain these independent servers can easily get away with timestamp fraud, particularly if they manage to target your specific application. (use Tor!) Equally, the blockchain has the advantage that it's easy to show that invalid blocks are being created for the purpose of creating fake timestamps; it'd be reasonable for the P2P network to relay any block header seen with a difficulty > some anti-DoS threshold. Gavin already did something similar with relaying invalid blocks in pull-req #3580. It had the flaw of making network splits worse, but in conjunction with a separate "invalid-block" inv type I think the issue goes away. --=20 'peter'[:-1]@petertodd.org 0000000000000000201d505432d708aa2edb656f6fe34d686b37d4747e5ff389 --Md/poaVZ8hnGTzuv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJT1Xu4XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAyMDFkNTA1NDMyZDcwOGFhMmVkYjY1NmY2ZmUzNGQ2ODZi MzdkNDc0N2U1ZmYzODkvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfsj/wgAmhWz18fnwJmwzk2xNzxevP+N 2/NbQcah+HGvV7oq8I9l0zj/Z4WErr/oOrrbvNNWmVWnScC4Ul3Cdow9bYGAcqeW +dhPUuSD7Jz8Uh0SPvqT3E+zWKjsW93W/Sl1PoRGFFGBKCu7nvOkuVY/21vA471P kM+Jwj8q3feQNBH2I9PyApwiUHEu6qF4fBv8vytQrovLOHPuosjt52kSVUhbwt6h +qqHTwKLF4Uz28OKby3Hhhu+bsSeWuWYKe8DgeISMvHf7lQKVtyC4SQ3jC0GfTNm cfhbHAsVZvIlD+opfh0tk3FLCoREz2CfExB0r709hsYjuZ8ICCWKjMdMZb39/w== =EDM6 -----END PGP SIGNATURE----- --Md/poaVZ8hnGTzuv--