1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
|
Delivery-date: Fri, 21 Feb 2025 02:18:39 -0800
Received: from mail-oi1-f189.google.com ([209.85.167.189])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBAABB5NF4G6QMGQEVBGK54Y@googlegroups.com>)
id 1tlQ7B-00007I-GI
for bitcoindev@gnusha.org; Fri, 21 Feb 2025 02:18:38 -0800
Received: by mail-oi1-f189.google.com with SMTP id 5614622812f47-3f4224d6010sf1072092b6e.1
for <bitcoindev@gnusha.org>; Fri, 21 Feb 2025 02:18:37 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1740133112; cv=pass;
d=google.com; s=arc-20240605;
b=ZHKx9ef9XMS5Tpc2VUUoO2QSrx69Mt/cDZJiVeGWExWEuT32bsAbFbwASRDMEN2aoy
H3FiZVdJ3DGsBrYwqr0IDFK4AjzUmqw4dK3uIehtDKzA8lTn55cGpPmPUwW1w3lfRLyu
pPwqlEISzehkcSIM3p4uV2tsFPXzHetipr1l46ZxhYD/aGJikkS4hk3dFpDN4HP9LxjE
vwHJyKQjn7pmdAf3BnsdDRPBDAHAHRoC7O3H5jktht+mS8eCWfsTCG5YhV1iyC7unjbB
/ISogaCzyrM76JXvv2aPEc7dvepFvCD+2lZAR/MwFObZ3g82dLHXcF4GruUySkTD1gHW
oIPg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:to:in-reply-to:cc:references
:message-id:date:subject:mime-version:from:content-transfer-encoding
:sender:dkim-signature;
bh=3e7+CCnxfu5z/riOoiqXmhls6yYYkWklKwYSScVcjP0=;
fh=ts0ib86sdI0HtnLKztn/y3lHqRY5DvpSLUwxljWQnwc=;
b=FSLCvoNCIdPX6bSifVZgRGwaYHNKeTEs+ehKGksVFwKOP9wy6FiTZ0XhP9sZ1bPlcj
UWaLb1dESW+fEIOelFVKzkYoBXkQY1qKTrAq8wvOlw55XINyfAs55ctV6vqfqVx6BK/a
l9vXUceB2H+prFo6mEgUlwvzo6rzqjLtQowdYLNViVqqhCmFNeD957SNCHgCaXRI5xvC
GN6T5lYcnAZK2aSEb/xLlsGjHx8vDKMqKCznYUlrnl23fuC1KRiKTRkRYjH4glQ7/Uxj
cJERWW0//7jp1dJXfb6ck+OiygS4deOOHdgWNkpaOZjYDrlQXJZeKSROVvh5f5aopA0U
igSA==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@mattcorallo.com header.s=1740099662 header.b=o7pmUtUX;
dkim=pass header.i=@clients.mail.as397444.net header.s=1740099665 header.b=kAgsGkSL;
spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com;
dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1740133112; x=1740737912; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:in-reply-to:cc:references:message-id:date
:subject:mime-version:from:content-transfer-encoding:sender:from:to
:cc:subject:date:message-id:reply-to;
bh=3e7+CCnxfu5z/riOoiqXmhls6yYYkWklKwYSScVcjP0=;
b=HEG3hXi4IBejSghdBP5rcO/cjoUClSm5jLYRQXyHVXJ8W6/IZz+gzsrBvZLlKjOXC4
0jAUE6tVG7vdSYeUEFdTLATvj+RZ3uX2lyAYfuPAqQcVD35MdwJj8I/5b1PohmkE7g1I
t1IpzijiK3In3zscT065DDXHXYmSkzwb4ooJPgI6WPQIwIKjAjJAkXC9h60aHsjY6809
yxnSRbXtU5b7QjhqErm0hL/MtFSWdJwnD1SbaLYbe1fqfIOVpFecc71opX4ea+8bRjSN
5OiLy0FJ6Qx7vk4e0E8ciTgrCO7iznCbU+vl1+7VY6bLVdgMLxc4uGiMVzl3+hdPP2XR
8WEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1740133112; x=1740737912;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:in-reply-to:cc:references:message-id:date
:subject:mime-version:from:content-transfer-encoding:x-beenthere
:x-gm-message-state:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=3e7+CCnxfu5z/riOoiqXmhls6yYYkWklKwYSScVcjP0=;
b=qeQHI1y5QynXOq4IE+LO2ukmSKuOm1l/9dcQuh/PVGl9c/EAlPptspllGP6tNLKkS6
scX/O7sgVbhRHM0I6uaW65nBvQujEFx+Omij8jSMOKmGYH1RYc8EtwwbX1QU7WUIQnU+
ygoMh3lH8f3DFVmhRlxbHWHz/TZzPkr7zitXaGUl2aTvNS4v7uDKp9pjP3kn18IxJlKG
aheA9WOZEKe+SlYW+pQXWs8uaDMWGsOI3xQed8hPJmGf3GBYq5Im8Hde24TURzvvpqvZ
neQIZxFoFvqBknGR0w0NX5FnULUhV7slWOun/uVhw2ewuk3UlNEH1AGpDGsR9eKjJK9q
41HA==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCX6U1xlhtGDBDXEQtItWiPRWLVIyc9yRl5pFfJRx01tVZDJV1A8fjfL1Yrhh7MsuJBL+vVnXDQSG9Q5@gnusha.org
X-Gm-Message-State: AOJu0YwNGW0xrkl8sOyYABQu9/UZ+9Upw+W9R9JDrxFINv4k2/SGc/Er
hyjVA7Y+ayp6Za4R2x/CTLYMGgEa+EZzW/7Lds9okI/yzf8cJ2ZC
X-Google-Smtp-Source: AGHT+IG+drj1J1+SLJ8ziJ/ZgFy2CbJejQjj3aV3VRK9G6wW1ayWxDzxj9Ekx/jbOfFTEpSfIlLxPQ==
X-Received: by 2002:a05:6808:2109:b0:3f3:f90b:f19d with SMTP id 5614622812f47-3f4247ec606mr1917618b6e.33.1740133111600;
Fri, 21 Feb 2025 02:18:31 -0800 (PST)
X-BeenThere: bitcoindev@googlegroups.com; h=Adn5yVFq/pMzrUmQTpJy3Lqer9iDTvkGrPhfnfcnippbMWmeZw==
Received: by 2002:a05:6820:151a:b0:5fc:e5bf:2c27 with SMTP id
006d021491bc7-5fd0c8b48fcls1168061eaf.0.-pod-prod-01-us; Fri, 21 Feb 2025
02:18:29 -0800 (PST)
X-Received: by 2002:a05:6808:23ce:b0:3f4:79c:3a6b with SMTP id 5614622812f47-3f4247f1ea9mr2161387b6e.39.1740133108906;
Fri, 21 Feb 2025 02:18:28 -0800 (PST)
Received: by 2002:a05:6808:180e:b0:3f4:10e6:fe26 with SMTP id 5614622812f47-3f4247af251msb6e;
Thu, 20 Feb 2025 17:22:42 -0800 (PST)
X-Received: by 2002:a05:6602:3fd0:b0:855:9c88:787d with SMTP id ca18e2360f4ac-855da7d8b7fmr158339939f.0.1740100962137;
Thu, 20 Feb 2025 17:22:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1740100962; cv=none;
d=google.com; s=arc-20240605;
b=X7YjI0cucoWZpAKtay8zlaa0TO8S+hykqI5Cga/WrxmKpjLf5vb+qgxN9kF2SEPunv
pOmQ0MWOpcMUsS0sIugWNUTM4CUKclTX9cy7ojU7MIx5obVrNjmC4Y03X9pKDwodVRNw
EbBi5eKhykW1qVMFDBuQvH+Jr0XHU8f3ok5KkoaH7CvKXfqnqZk41Y7AnzX4kR3L/DtB
U3qnqvSXx1NvgSpnjqoOb8h1E9tbtPfeq7OcgUXHz1jZKtM3rDK/1xWQSh64yTBhpnFK
hYH76FZn3drHw3whSPeVO4yNqYnjOSLnpCZ0t+9P0wRBFqIM6R0Cq6L9b1GfC8Y9IilX
qFcA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=to:in-reply-to:cc:references:message-id:date:subject:mime-version
:from:content-transfer-encoding:dkim-signature:dkim-signature;
bh=KGyQ4MSQeGKrZDWgESS+I1uqXMNrkNc2NVs8gAZoLIw=;
fh=Bqcb9jiE0c9eo8ZXqwQrELQ4hUYSUrJpWWCN8nzb8AA=;
b=hKXzloTEn7AmbcVX4TQf8VLmeuj8X7dGZr0ruNbyEhnUUr0Bb5RFS7gDmCBrh8EYJW
4fu/fi/7ZgljwYWarJZ7jrEHaV/g3uaLQVDgCggxkhHkzVbcWuaadksVLLu94Ua6L14B
FYZTf+AqoA46KQusyXI0qkgDAVd4ZHC+D7/ah96z5UVZLq0HoRCnAz0VnITA2ShnxXS9
6MXT7R81teyc9IltHCHAOo+9pI/MNXwO0R48yckDS8PyR5rOXjnxTPKVk65jEVZ+3785
fmttJFQ1CnBoFYsgJ1OioPVv5i79dkfKt826CxxWz16ped9dUm7hpb+/JS+Of38qSfcu
7xvQ==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@mattcorallo.com header.s=1740099662 header.b=o7pmUtUX;
dkim=pass header.i=@clients.mail.as397444.net header.s=1740099665 header.b=kAgsGkSL;
spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com;
dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com
Received: from mail.as397444.net (mail.as397444.net. [69.59.18.99])
by gmr-mx.google.com with ESMTPS id ca18e2360f4ac-855afd2a82fsi25022939f.2.2025.02.20.17.22.41
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 20 Feb 2025 17:22:41 -0800 (PST)
Received-SPF: pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) client-ip=69.59.18.99;
X-DKIM-Note: Keys used to sign are likely public at
X-DKIM-Note: https://as397444.net/dkim/mattcorallo.com and
X-DKIM-Note: https://as397444.net/dkim/clients.mail.as397444.net
X-DKIM-Note: For more info, see https://as397444.net/dkim/
Received: by mail.as397444.net with esmtpsa (TLS1.3) (Exim)
(envelope-from <lf-lists@mattcorallo.com>)
id 1tlHkV-0007jG-1K;
Fri, 21 Feb 2025 01:22:39 +0000
Content-Type: multipart/alternative; boundary=Apple-Mail-E949E000-858A-4E96-9F84-B86A0E0A8E12
Content-Transfer-Encoding: 7bit
From: Matt Corallo <lf-lists@mattcorallo.com>
Mime-Version: 1.0 (1.0)
Subject: Re: [bitcoindev] Update on the Great Consensus Cleanup Revival
Date: Thu, 20 Feb 2025 20:22:27 -0500
Message-Id: <25482CCA-1F9D-4971-914F-674DF15C3414@mattcorallo.com>
References: <jiyMlvTX8BnG71f75SqChQZxyhZDQ65kldcugeIDJVJsvK4hadCO3GT46xFc7_cUlWdmOCG0B_WIz0HAO5ZugqYTuX5qxnNLRBn3MopuATI=@protonmail.com>
Cc: bitcoindev@googlegroups.com
In-Reply-To: <jiyMlvTX8BnG71f75SqChQZxyhZDQ65kldcugeIDJVJsvK4hadCO3GT46xFc7_cUlWdmOCG0B_WIz0HAO5ZugqYTuX5qxnNLRBn3MopuATI=@protonmail.com>
To: Antoine Poinsot <darosior@protonmail.com>
X-Original-Sender: lf-lists@mattcorallo.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@mattcorallo.com header.s=1740099662 header.b=o7pmUtUX;
dkim=pass header.i=@clients.mail.as397444.net header.s=1740099665
header.b=kAgsGkSL; spf=pass (google.com: domain of lf-lists@mattcorallo.com
designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com;
dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.7 (/)
--Apple-Mail-E949E000-858A-4E96-9F84-B86A0E0A8E12
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
In the delving post you said =E2=80=9CThis provides a 40x decrease in the w=
orst case validation time with a straightforward and flexible rule minimizi=
ng the confiscatory surface. A further 7x decrease is possible by combining=
it with another rule, which is in my opinion not worth the additional conf=
iscatory surface.=E2=80=9D
Can you put numbers to this? How long does it take to validate a full block=
with this 40x decrease and how long would it take with the further 7x decr=
ease?
A 40x decrease to a validation time of 30 seconds probably is worth a bit o=
f risk for a further improvement. A 40x decrease to 1 second is obviously f=
ine :).
> On Feb 5, 2025, at 19:57, 'Antoine Poinsot' via Bitcoin Development Maili=
ng List <bitcoindev@googlegroups.com> wrote:
>=20
> =EF=BB=BFHi everyone,
>=20
> A bit over a year ago i started working on revisiting the 2019 Great Cons=
ensus Cleanup proposal from
> Matt Corallo [0]. His proposal included:
> - making <=3D64 bytes transactions invalid to fix merkle tree weaknesses;
> - making non-pushonly scriptSigs, FindAndDelete matches, OP_CODESEPARATOR=
and non-standard sighash
> types fail script validation to mitigate the worst case block validation=
time;
> - restrict the nTime field of the first block in each difficulty adjustme=
nt interval to be no less
> than 600 seconds lower than the previous block's;
>=20
> I set out to research the impact of each of the vulnerabilities this inte=
nded to patch, the
> alternative fixes possible for each and finally if there was any other pr=
otocol bug fix we'd want to
> include if we went through the considerable effort of soft forking Bitcoi=
n already.
>=20
> Later in March i shared some first findings on Delving [1] and advertized=
the effort on this mailing
> list [2]. I also created a companion thread on Delving, kept private, to =
discuss the details of the
> worst case block validation time [3]. As one would expect due to the larg=
er design space available
> to fix this issue, this private thread is where most of the discussion wo=
uld happen. Thank you to
> everyone who contributed feedback, insights, ideas and argumented opinion=
s on the different issues
> all along the process.
>=20
> Now i would like to update the broader Bitcoin development community on t=
he outcome of this effort.
> I believe a Consensus Cleanup proposal should include the following.
> - A fix for vulnerabilities surrounding the use of timestamps in the diff=
iculty adjustment
> algorithm. In particular, a fix for the timewarp attack with a 7200 sec=
onds grace period as well
> as a fix for the Murch-Zawy attack [4] by making invalid any difficulty =
adjustment period with a
> negative duration.
> - A fix for long block validation times with a minimal "confiscation surf=
ace", by introducing a
> per-transaction limit on the number of legacy sigops in the inputs.
> - A fix for merkle tree weaknesses by making transactions which serialize=
to exactly 64 bytes
> invalid.
> - A fix for duplicate transactions to supplement BIP34 in order to avoid =
resuming unnecessary BIP30
> validation in the future. This is achieved by mandating the nLockTime fi=
eld of coinbase
> transaction to be set to the height of their block minus 1.
>=20
> I have started drafting a BIP draft with the detailed specs for this.
>=20
> Antoine Poinsot
>=20
>=20
> [0] https://github.com/TheBlueMatt/bips/blob/7f9670b643b7c943a0cc6d2197d3=
eabe661050c2/bip-XXXX.mediawiki
> [1] https://delvingbitcoin.org/t/great-consensus-cleanup-revival/710
> [2] https://groups.google.com/g/bitcoindev/c/CAfm7D5ppjo/m/bYJ3BiOuAAAJ
> [3] https://delvingbitcoin.org/t/worst-block-validation-time-inquiry/711
> [4] https://delvingbitcoin.org/t/zawy-s-alternating-timestamp-attack/1062=
#variant-on-zawys-attack-2
>=20
> --
> You received this message because you are subscribed to the Google Groups=
"Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an=
email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoinde=
v/jiyMlvTX8BnG71f75SqChQZxyhZDQ65kldcugeIDJVJsvK4hadCO3GT46xFc7_cUlWdmOCG0B=
_WIz0HAO5ZugqYTuX5qxnNLRBn3MopuATI%3D%40protonmail.com.
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
25482CCA-1F9D-4971-914F-674DF15C3414%40mattcorallo.com.
--Apple-Mail-E949E000-858A-4E96-9F84-B86A0E0A8E12
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=
=3Dutf-8"></head><body dir=3D"auto"><div dir=3D"ltr"></div><div dir=3D"ltr"=
><div dir=3D"ltr">In the delving post you said =E2=80=9C<span style=3D"care=
t-color: rgb(42, 42, 43); color: rgb(42, 42, 43); font-family: Arial, sans-=
serif; font-size: 16px; -webkit-text-size-adjust: 100%; background-color: r=
gb(255, 255, 255);">This provides a 40x decrease in the worst case validati=
on time with a straightforward and flexible rule minimizing the confiscator=
y surface. A further 7x decrease is possible by combining it with another r=
ule, which is in my opinion not worth the additional confiscatory surface.=
=E2=80=9D</span></div><div dir=3D"ltr"><span style=3D"caret-color: rgb(42, =
42, 43); color: rgb(42, 42, 43); font-family: Arial, sans-serif; font-size:=
16px; -webkit-text-size-adjust: 100%; background-color: rgb(255, 255, 255)=
;"><br></span></div><div dir=3D"ltr"><span style=3D"caret-color: rgb(42, 42=
, 43); color: rgb(42, 42, 43); font-family: Arial, sans-serif; font-size: 1=
6px; -webkit-text-size-adjust: 100%; background-color: rgb(255, 255, 255);"=
>Can you put numbers to this? How long does it take to validate a full bloc=
k with this 40x decrease and how long would it take with the further 7x dec=
rease?</span></div><div dir=3D"ltr"><span style=3D"caret-color: rgb(42, 42,=
43); color: rgb(42, 42, 43); font-family: Arial, sans-serif; font-size: 16=
px; -webkit-text-size-adjust: 100%; background-color: rgb(255, 255, 255);">=
<br></span></div><div dir=3D"ltr"><span style=3D"caret-color: rgb(42, 42, 4=
3); color: rgb(42, 42, 43); font-family: Arial, sans-serif; font-size: 16px=
; -webkit-text-size-adjust: 100%; background-color: rgb(255, 255, 255);">A =
40x decrease to a validation time of 30 seconds probably is worth a bit of =
risk for a further improvement. A 40x decrease to 1 second is obviously fin=
e :).</span></div></div><div dir=3D"ltr"><br><div dir=3D"ltr"></div><blockq=
uote type=3D"cite">On Feb 5, 2025, at 19:57, 'Antoine Poinsot' via Bitcoin =
Development Mailing List <bitcoindev@googlegroups.com> wrote:<br><br>=
</blockquote></div><blockquote type=3D"cite"><div dir=3D"ltr">=EF=BB=BF<spa=
n>Hi everyone,</span><br><span></span><br><span>A bit over a year ago i sta=
rted working on revisiting the 2019 Great Consensus Cleanup proposal from</=
span><br><span>Matt Corallo [0]. His proposal included:</span><br><span>- m=
aking <=3D64 bytes transactions invalid to fix merkle tree weaknesses;</=
span><br><span>- making non-pushonly scriptSigs, FindAndDelete matches, OP_=
CODESEPARATOR and non-standard sighash</span><br><span> types fail sc=
ript validation to mitigate the worst case block validation time;</span><br=
><span>- restrict the nTime field of the first block in each difficulty adj=
ustment interval to be no less</span><br><span> than 600 seconds lowe=
r than the previous block's;</span><br><span></span><br><span>I set out to =
research the impact of each of the vulnerabilities this intended to patch, =
the</span><br><span>alternative fixes possible for each and finally if ther=
e was any other protocol bug fix we'd want to</span><br><span>include if we=
went through the considerable effort of soft forking Bitcoin already.</spa=
n><br><span></span><br><span>Later in March i shared some first findings on=
Delving [1] and advertized the effort on this mailing</span><br><span>list=
[2]. I also created a companion thread on Delving, kept private, to discus=
s the details of the</span><br><span>worst case block validation time [3]. =
As one would expect due to the larger design space available</span><br><spa=
n>to fix this issue, this private thread is where most of the discussion wo=
uld happen. Thank you to</span><br><span>everyone who contributed feedback,=
insights, ideas and argumented opinions on the different issues</span><br>=
<span>all along the process.</span><br><span></span><br><span>Now i would l=
ike to update the broader Bitcoin development community on the outcome of t=
his effort.</span><br><span>I believe a Consensus Cleanup proposal should i=
nclude the following.</span><br><span>- A fix for vulnerabilities surroundi=
ng the use of timestamps in the difficulty adjustment</span><br><span> &nbs=
p;algorithm. In particular, a fix for the timewarp attack with a 7200=
seconds grace period as well</span><br><span> as a fix for the Murch=
-Zawy attack [4] by making invalid any difficulty adjustment period with a<=
/span><br><span> negative duration.</span><br><span>- A fix for long =
block validation times with a minimal "confiscation surface", by introducin=
g a</span><br><span> per-transaction limit on the number of legacy si=
gops in the inputs.</span><br><span>- A fix for merkle tree weaknesses by m=
aking transactions which serialize to exactly 64 bytes</span><br><span> &nb=
sp;invalid.</span><br><span>- A fix for duplicate transactions to supplemen=
t BIP34 in order to avoid resuming unnecessary BIP30</span><br><span>  =
;validation in the future. This is achieved by mandating the nLockTime fiel=
d of coinbase</span><br><span> transaction to be set to the height of=
their block minus 1.</span><br><span></span><br><span>I have started draft=
ing a BIP draft with the detailed specs for this.</span><br><span></span><b=
r><span>Antoine Poinsot</span><br><span></span><br><span></span><br><span>[=
0] https://github.com/TheBlueMatt/bips/blob/7f9670b643b7c943a0cc6d2197d3eab=
e661050c2/bip-XXXX.mediawiki</span><br><span>[1] https://delvingbitcoin.org=
/t/great-consensus-cleanup-revival/710</span><br><span>[2] https://groups.g=
oogle.com/g/bitcoindev/c/CAfm7D5ppjo/m/bYJ3BiOuAAAJ</span><br><span>[3] htt=
ps://delvingbitcoin.org/t/worst-block-validation-time-inquiry/711</span><br=
><span>[4] https://delvingbitcoin.org/t/zawy-s-alternating-timestamp-attack=
/1062#variant-on-zawys-attack-2</span><br><span></span><br><span>-- </span>=
<br><span>You received this message because you are subscribed to the Googl=
e Groups "Bitcoin Development Mailing List" group.</span><br><span>To unsub=
scribe from this group and stop receiving emails from it, send an email to =
bitcoindev+unsubscribe@googlegroups.com.</span><br><span>To view this discu=
ssion visit https://groups.google.com/d/msgid/bitcoindev/jiyMlvTX8BnG71f75S=
qChQZxyhZDQ65kldcugeIDJVJsvK4hadCO3GT46xFc7_cUlWdmOCG0B_WIz0HAO5ZugqYTuX5qx=
nNLRBn3MopuATI%3D%40protonmail.com.</span><br></div></blockquote></body></h=
tml>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/25482CCA-1F9D-4971-914F-674DF15C3414%40mattcorallo.com?utm_mediu=
m=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoindev=
/25482CCA-1F9D-4971-914F-674DF15C3414%40mattcorallo.com</a>.<br />
--Apple-Mail-E949E000-858A-4E96-9F84-B86A0E0A8E12--
|
