1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
|
Return-Path: <j@toom.im>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id AE790EEE
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 18 Dec 2015 02:47:18 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3862AF3
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 18 Dec 2015 02:47:18 +0000 (UTC)
Received: from [IPv6:::1] ([58.96.168.240]) (authenticated bits=0)
by d.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id tBI2keNx012077
(version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
Thu, 17 Dec 2015 18:47:13 -0800
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed;
boundary="Apple-Mail=_59CCC207-43D9-4D5C-B638-997B2622A496";
protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.5.2
From: Jonathan Toomim <j@toom.im>
In-Reply-To: <CAPg+sBjJcqeqGLHnPyWt23z3YoCRGozQupuMxy51J_-hdkKBSA@mail.gmail.com>
Date: Fri, 18 Dec 2015 10:47:14 +0800
Message-Id: <E76D5BF9-41BF-4AF5-BBAC-06F4EF574EBE@toom.im>
References: <CAPg+sBjJcqeqGLHnPyWt23z3YoCRGozQupuMxy51J_-hdkKBSA@mail.gmail.com>
To: Pieter Wuille <pieter.wuille@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
X-Sonic-CAuth: UmFuZG9tSVZ0w+hTuxTCMmY3OnyjJ//vEm08I3OjAIFI1r6zZ5i2nG1rrhLYaT+d8EYOyxyeL8bfB2b3dGoeCmZYoJluXC5A
X-Sonic-ID: C;5kT5kDGl5RG9msgxU3XIUw== M;fFjxozGl5RG9msgxU3XIUw==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,HTML_MESSAGE,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] On the security of softforks
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2015 02:47:18 -0000
--Apple-Mail=_59CCC207-43D9-4D5C-B638-997B2622A496
Content-Type: multipart/alternative;
boundary="Apple-Mail=_441D93C9-B0EB-461E-BC6B-8F93BBB66B9C"
--Apple-Mail=_441D93C9-B0EB-461E-BC6B-8F93BBB66B9C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev =
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> 1) The risk of an old full node wallet accepting a transaction that is
> invalid to the new rules.
>=20
> The receiver wallet chooses what address/script to accept coins on.
> They'll upgrade to the new softfork rules before creating an address
> that depends on the softfork's features.
>=20
> So, not a problem.
Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob =
runs the old rules. Bob creates a p2pkh address for Mallory to use. =
Mallory takes 1 BTC, and creates an invalid SegWit transaction that Bob =
cannot properly validate and that pays into one of Mallory's wallets. =
Mallory then immediately spends the unconfirmed transaction into Bob's =
address. Bob sees what appears to be a valid transaction chain which is =
not actually valid.
Clueless Carol is one of the 4.9% of miners who forgot to upgrade her =
mining node. Carol sees that Mallory included an enormous fee in his =
transactions, so Carol makes sure to include both transactions in her =
block.
Mallory gets free beer.
Anything I'm missing?
--Apple-Mail=_441D93C9-B0EB-461E-BC6B-8F93BBB66B9C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space;"><br><div><div>On Dec 18, 2015, at 10:30 AM, Pieter =
Wuille via bitcoin-dev <<a =
href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.li=
nuxfoundation.org</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite"><span =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: auto; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; widows: auto; word-spacing: =
0px; -webkit-text-stroke-width: 0px; float: none; display: inline =
!important;">1) The risk of an old full node wallet accepting a =
transaction that is</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;"><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: =
none; display: inline !important;">invalid to the new rules.</span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: auto; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; widows: auto; word-spacing: =
0px; -webkit-text-stroke-width: 0px;"><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;"><span style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;">The receiver wallet chooses =
what address/script to accept coins on.</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;"><span style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;">They'll upgrade to the new =
softfork rules before creating an address</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;"><span style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;">that depends on the softfork's =
features.</span><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant: normal; font-weight: normal; =
letter-spacing: normal; line-height: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant: normal; font-weight: normal; letter-spacing: normal; =
line-height: normal; orphans: auto; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; widows: auto; word-spacing: =
0px; -webkit-text-stroke-width: 0px;"><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant: normal; =
font-weight: normal; letter-spacing: normal; line-height: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;">So, not a =
problem.</span></blockquote></div><div><br></div><div>Mallory wants to =
defraud Bob with a 1 BTC payment for some beer. Bob runs the old rules. =
Bob creates a p2pkh address for Mallory to use. Mallory takes 1 BTC, and =
creates an invalid SegWit transaction that Bob cannot properly validate =
and that pays into one of Mallory's wallets. Mallory then immediately =
spends the unconfirmed transaction into Bob's address. Bob sees what =
appears to be a valid transaction chain which is not actually =
valid.</div><div><br></div><div>Clueless Carol is one of the 4.9% of =
miners who forgot to upgrade her mining node. Carol sees that Mallory =
included an enormous fee in his transactions, so Carol makes sure to =
include both transactions in her =
block. </div><div><br></div><div>Mallory gets free =
beer.</div><div><br></div><div>Anything I'm missing?</div></body></html>=
--Apple-Mail=_441D93C9-B0EB-461E-BC6B-8F93BBB66B9C--
--Apple-Mail=_59CCC207-43D9-4D5C-B638-997B2622A496
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJWc3OyAAoJEIEuMk4MG0P1r74IAMyiiHOBvE23o4fXdcnszoMq
NQpkdui4Z1DWWj7C/YfxlJB06/fO9WIbZ5Dg6GH5eg8OKILx6B541ZfzY0PNpdrN
5gKYHmtdhwCxYR6W5x8d/FT9BmUDRbHfd6P3utb6wieGVwMly/XT7eWhi1gNHZ1E
1oRtLPBMXAfW2r8JsU5uFkCP8iu2CvpJ0PU2VmWyDS96LEI9i9RxDt+jHwmOJnHJ
ojkAHNR4nM37VwhVEgJLVcQejG0WF/PZGXznRQy0rACvoquOuqKkbmT+Us8gpPh4
REKoxhlsNwBwkbn5Wt9SPWvMC6uEtAOF9HZe0+WA+cMnPqiSbatkBFdAE1mPgKo=
=jx0/
-----END PGP SIGNATURE-----
--Apple-Mail=_59CCC207-43D9-4D5C-B638-997B2622A496--
|