path: root/d8/37e9eb3fbb772149b1c9d6e5689adda98c4093

Delivery-date: Tue, 29 Apr 2025 12:24:38 -0700
Received: from mail-oo1-f61.google.com ([209.85.161.61])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBDZPZFXW2IMRB2WOYTAAMGQENELQCMY@googlegroups.com>)
	id 1u9qZI-0001BM-73
	for bitcoindev@gnusha.org; Tue, 29 Apr 2025 12:24:38 -0700
Received: by mail-oo1-f61.google.com with SMTP id 006d021491bc7-6021ab9731dsf221949eaf.1
        for <bitcoindev@gnusha.org>; Tue, 29 Apr 2025 12:24:36 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1745954670; cv=pass;
        d=google.com; s=arc-20240605;
        b=dcPr8PjDF+GbA+UHhuKi5RZPJzoqAy6fy2ZlLoDXn8Y3mfPUnOO9Bd5RW/0Auw/wlD
         mm+cQPktpbZCmX4SQWnskM49cYFdOVbNceZR8nScsv4jcoI55nzzOx1KX9m2XHoDqQaU
         8i0iliFmyLHG0lv+nPJtx29WjCjcmxlIQv9q3SABENVeERj0amrC5SIr/iy/8AxCEemV
         JY8MSGwPVjosua1Vm9j2lRAZ7cf+2RD/cgBeEESX+cfF63TT8cH8rfKk2CbFS17xgMsB
         US+AE3cuk/kQOgw5DJ2ZQGDAaz+MnZTgCIoLVZ2cEq+tGzl5LSpO3TStYg8kMGuRgNHr
         tWSw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:sender:dkim-signature
         :dkim-signature;
        bh=MSVS9ZnNEngGbOvaJOKE5w0LBHkd1wvz5T8lEBCnet8=;
        fh=MXGLxd5n/wCUPMAaCGC/7cnXU6R+TnghAEtn/NslaOg=;
        b=Q35FxZvvnv72qDFZwfp5YRaPAy7SLyK8hhrUE2w98iyEpO6KgZdFIV+Ir5x7oH7ieZ
         r8qngcoWFdIBzQxDXKLWtIeha/IVooPyJfn5ZVBI/0FFqZgqJyZZrdQzNcMj9R56qLXn
         5JhBG7GoZIBaWGrruHS8kzo+JREna64v1US1HgroA0ATUyBSAz2w2Nj7O4bl9EHr2iBw
         M7654cruSB8oLGxgjPgf4FlaQUGXT4vg1NkAanGk/ehGT6qREOGa27Xcm3AP84MF3kUR
         fOlhYKD7yTFYADvLKgIFPA0JJ7DXyJQ4dBMg6wWxi/ybO6J0JEJwxmc0Eo5Tj7InxMA1
         RlSw==;
        darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=ia05+5bZ;
       spf=pass (google.com: domain of martin.habovstiak@gmail.com designates 2607:f8b0:4864:20::730 as permitted sender) smtp.mailfrom=martin.habovstiak@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=pass header.i=@googlegroups.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1745954670; x=1746559470; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=MSVS9ZnNEngGbOvaJOKE5w0LBHkd1wvz5T8lEBCnet8=;
        b=c8v1c5G5t6vOmA7L7+w53DoujSJAP2z0pSvUWLhHRiUGwYnaWHMAKb04Z/RasW2T23
         hU2+AfW48kGw0tBD/AmQQGg73/qJvBo3olp8raQ8tzsfjmybrS6kM6gr2FCuKPEiHal8
         ySfoFc24DLZDFxzFiz92oNkEu//cD9D2J5zG1tM3SFs5jERAhcuSLwTM7yUZ0WHkyBrq
         zcZu+uUkGd4wYKXpSeueFk97gnidMJMOSuUhgfNo1nIrJbH1kmLZdppjKhDjKbaergMb
         LuB0eRpwMHei4yvu3xeuwA6H3Ar9HOew/ZP7Jm2bJv3a3WyaAFFi2QykXK+wrC/OGlFy
         hMOQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1745954670; x=1746559470; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=MSVS9ZnNEngGbOvaJOKE5w0LBHkd1wvz5T8lEBCnet8=;
        b=I+nJwAe9UOzaX8bxAjyCEx7jEYq932/78G2X26AhxiclSYvyDGz5wRSd6W7w2ov1n5
         FrFFkPOxuO50qM8Xl6H6oslrHnE6OdE1eLUEQU0K525L2/Fsvvr6ppa5ncNuGCr06/r8
         JCZQrXlaAyQ6OVrI/GMJ0soqPqMTaAIeH9jWpq8uyM9StQ8bLZVnGZ4LCYoONJHftN00
         gcg5hcx4Xr/4TD7AINz8+eCPJE3cYCmpWyRyN4BYv+h+slYZGYMa7U5DttbRWKWL6YS1
         4q3FIh20SnsZjBRGNiQdAxHI3eNhpas6j0jq/SSXyi/3wrhjeDnd54nQllA/mBI2aJ+q
         WeZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1745954670; x=1746559470;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:x-beenthere:x-gm-message-state:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=MSVS9ZnNEngGbOvaJOKE5w0LBHkd1wvz5T8lEBCnet8=;
        b=RGtFicbeDHqvvOghs2fck3Nia422POk6aXp9km/KrbkAGvNDkTbw8eYM86X7VzD9PL
         p4dWdr1aM81ATYiu1OcathEusWE2vVVyS1PJeLIHuKHR2i75XVoTt7uY//cCP/g9FnmL
         e0FNk2H8aZn4n4e8nphACxXlKnaXDQACz0oqWEXepTvcVM5j3RcSD2pQppKM7/hpqrCJ
         sQGNu0Gw2Wu4c1zEdJXhcaJXrGMGxtzI9Il/UjK/PbmWvD7x7UNoMfdda62k9Lu2yyav
         Nh6C/RqUUuto8UhqHvF5R2ysFXswxsZepVzhxGoAnUUJc8ll/d5xDTpKVlbdFc4smpNQ
         l7Kg==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCXAz2JiklJ5bAASsvbY+UBsiIU4QAvVjWmVoDlHsfSzWTI/TcEgCfiaslWtofFB6dyIXaitHdpqYHeR@gnusha.org
X-Gm-Message-State: AOJu0YyFyxg7/pNwFcWlSJdeCLLRTMorpcR3ch/oN4tFMVvELmUaoWhk
	6EdrkYtlnX2iu/Y5fBV8d5EV64R2vcDJmYNlukLmXBv+U80urQYP
X-Google-Smtp-Source: AGHT+IFpoDIYqnEsQ/6lRbd6wG0ppeJStASenIY8eViIZtE31KwpXBLTzgooZQxmp6YdT1lgUrS4qQ==
X-Received: by 2002:a4a:ee8a:0:b0:600:5673:69ef with SMTP id 006d021491bc7-607d4d3c16bmr64668eaf.1.1745954670042;
        Tue, 29 Apr 2025 12:24:30 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AVT/gBH77aDiwuu3d/5mNkQZM/h4sHNS2ldoO2DgJBuD5mMJWg==
Received: by 2002:a4a:bd8d:0:b0:603:f521:ff20 with SMTP id 006d021491bc7-606434c17f0ls1606599eaf.1.-pod-prod-00-us;
 Tue, 29 Apr 2025 12:24:26 -0700 (PDT)
X-Received: by 2002:a05:6808:211b:b0:3f6:ab0d:8db1 with SMTP id 5614622812f47-402a4970257mr40985b6e.3.1745954666385;
        Tue, 29 Apr 2025 12:24:26 -0700 (PDT)
Received: by 2002:a05:6808:158c:b0:3fa:da36:efcd with SMTP id 5614622812f47-40220c785bamsb6e;
        Tue, 29 Apr 2025 12:20:36 -0700 (PDT)
X-Received: by 2002:a05:6870:178f:b0:2d9:7a9e:99ef with SMTP id 586e51a60fabf-2da6b2548abmr60990fac.1.1745954434801;
        Tue, 29 Apr 2025 12:20:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1745954434; cv=none;
        d=google.com; s=arc-20240605;
        b=AhvU9/7bzc9QTEawtkdT2iasTjpBiLrMx6ME67IWTnZsv8VmhmeMraycRzu4rhEs8X
         WKlj++o1vJx3F5cC7RH4QRpNz6x6CBIdczFgmGSZy8ISMTpw01u2+WDrwS92nOBEPqTT
         MLIipiKhU4cAZ4ZheO48Po7rAjA++tlKFP9FXHNoLQelTL3sLHBgV5bs7Ze2bwQQKjIv
         Q4K4xOqJg1r3b78CIn2j0XLVDRebXXNWyQqdzOTmesyzmqE1hPhK9ceUHoYw697vnhnL
         RGy3FBgPQuZEj1Q8qfNgQhAlTGPuk2f4CamugU+kCoW6Y1gDLDCN2Z43nWSNhDu9BSUZ
         dpwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=2DuB7UC2y4M5h409iR60lHr0CEFWjZYdgBhpP3xxIXc=;
        fh=zPj+T5aSWajcUSweGUyEquW3DD+8DH5EWhGrm+zQSgg=;
        b=XjDRdgmRfs7mAiEB0R26d3H3zxYzeveQkniy8vUUWRfLMDRaIkHNaavAR1gOggBCRb
         Lgoys57TGn8rMEYdW8ktEQI1rRqQcTkx56t3xFDVBpau6p73CK3aa//nGY8wtcGOuh6H
         F2AKXdOBJ1JAuIBa1cvjm+H4m5fG/fsoYd3kF8Fzcccy44aQSte+A7+OKLflz2Z2XnuA
         jLdfnIF5oIrNOL94dyIE6+MMT736gVGv2NJhc6oB+hvU+UOF4l9yt31W4E3k3E2svWQp
         M5RFChldWBtNY9cnF79MmdtCpXFvnB/nN+V//aUlwC0imp1ZZmagw4uCh9sxFFcGrb1c
         Istg==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=ia05+5bZ;
       spf=pass (google.com: domain of martin.habovstiak@gmail.com designates 2607:f8b0:4864:20::730 as permitted sender) smtp.mailfrom=martin.habovstiak@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=pass header.i=@googlegroups.com
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com. [2607:f8b0:4864:20::730])
        by gmr-mx.google.com with ESMTPS id 586e51a60fabf-2d972f3b405si39676fac.0.2025.04.29.12.20.34
        for <bitcoindev@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 29 Apr 2025 12:20:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of martin.habovstiak@gmail.com designates 2607:f8b0:4864:20::730 as permitted sender) client-ip=2607:f8b0:4864:20::730;
Received: by mail-qk1-x730.google.com with SMTP id af79cd13be357-7c54f67db99so24518985a.1
        for <bitcoindev@googlegroups.com>; Tue, 29 Apr 2025 12:20:34 -0700 (PDT)
X-Gm-Gg: ASbGncsW90uTtgqHnDVi/2FjB6KlVirikfaFscgtV1YS+l91BMPHurIVC6As3/CxxsI
	TIzn+JRa3Ofpf+o7JdGeML8pqRxNeflMUKvvT/T9UoBH5sqWKNtC6HdkC5zAyf8bGHQ+rRJZs4q
	v7PxB/oZtR2EmVHHts1hkGqpavtzv/NBAZRFRh/tMqL+mWEw7J7hqo
X-Received: by 2002:a05:620a:280d:b0:7ca:c6e0:669d with SMTP id
 af79cd13be357-7cac7b40895mr12850785a.22.1745954434042; Tue, 29 Apr 2025
 12:20:34 -0700 (PDT)
MIME-Version: 1.0
References: <rhfyCHr4RfaEalbfGejVdolYCVWIyf84PT2062DQbs5-eU8BPYty5sGyvI3hKeRZQtVC7rn_ugjUWFnWCymz9e9Chbn7FjWJePllFhZRKYk=@protonmail.com>
 <03be4934-f0ff-4b58-880d-861d63a4f970@dashjr.org> <CEB83B34-6C5B-469E-9914-20940F27EEC0@sprovoost.nl>
 <d18b4149-5523-44bd-8332-2b7962f4b674@dashjr.org> <QMywWcEgJgWmiQzASR17Dt42oLGgG-t3bkf0vzGemDVNVnvVaD64eM34nOQHlBLv8nDmeBEyTXvBUkM2hZEfjwMTrzzoLl1_62MYPz8ZThs=@wuille.net>
 <f4f6831a-d6b8-4f32-8a4e-c0669cc0a7b8n@googlegroups.com>
In-Reply-To: <f4f6831a-d6b8-4f32-8a4e-c0669cc0a7b8n@googlegroups.com>
From: =?UTF-8?Q?Martin_Habov=C5=A1tiak?= <martin.habovstiak@gmail.com>
Date: Tue, 29 Apr 2025 16:20:22 -0300
X-Gm-Features: ATxdqUEbl2OJL93SrNPs1fwQRkHuiFs_5m8Z44-ETdl5jcSpdtLV30n5yoDRzWg
Message-ID: <CALkkCJY5T5sd5Am0M6abhaMMicwVNvSfwYQP1jMjxfVsuT8Jaw@mail.gmail.com>
Subject: Re: [bitcoindev] Relax OP_RETURN standardness restrictions
To: "Jason Hughes (wk057)" <wizkid057@gmail.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Content-Type: multipart/alternative; boundary="000000000000d5d0080633efb15d"
X-Original-Sender: martin.habovstiak@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@gmail.com header.s=20230601 header.b=ia05+5bZ;       spf=pass
 (google.com: domain of martin.habovstiak@gmail.com designates
 2607:f8b0:4864:20::730 as permitted sender) smtp.mailfrom=martin.habovstiak@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=pass header.i=@googlegroups.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)

--000000000000d5d0080633efb15d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

I have a little demo for you.

Firstly, I think the kind of illegal content most people have in mind are
images. So let's start with a question: if one takes an illegal picture and
sets every 173th pixel to a red dot will it become legal?

If you have trouble imagining it, here's an example for you:
https://imgur.com/a/J7RTPL7

If you believe it would, we can end this conversation and my point is moot.
However, I think you'll agree the image would still be illegal.

Next, I think it's obvious that an attacker seeking to harm bitcoin users
would choose an any image format he likes. So for this example I'm picking
BMP.

If you encode the image above to BMP, which is uncompressed, the red pixels
turn into bytes 253, 7, 2 which happen to encode witness element length
519. The header size is 54 bytes, so stick the byte 54 at the front and you
have a valid serialization of a sequence of witness elements.

Do you see what this means?


...


Yes, it's too late to fix this. It's already trivially possible to make
your node store a sequence of bytes that is considered illegal. If you're
worried about it you have to resync the chain right now.

Disclaimer: the numbers above might be a bit off, I did most computation in
my head. Still, the point stands even if the pixels have a bit different
spacing/color.

Same thing with malware distribution, except you can easily skip the
invalid bytes using jump instructions or other techniques, so that might be
even worse.

Happy syncing!

Martin


D=C5=88a ut 29. 4. 2025, 11:15 Jason Hughes (wk057) <wizkid057@gmail.com>
nap=C3=ADsal(a):

> I was asked to take my comments to the mailing list, so here we go.
>
> First, see my comments on Github PR #32359:
> - https://github.com/bitcoin/bitcoin/pull/32359#issuecomment-2835467933
> - https://github.com/bitcoin/bitcoin/pull/32359#issuecomment-2835638919
> - https://github.com/bitcoin/bitcoin/pull/32359#issuecomment-2834012756
>
> Next, I'll once again point out relevant history for those just tuning in=
:
>
> OP_RETURN was only made standard in a limited size to encourage less
> harmful data carrying in Bitcoin. Attackers were using harmful methods of
> data carrying in unspendable UTXOs, and so a way to inject a small amount
> of data was TOLERABLE over this harmful UTXO bloat that.  That mostly
> worked, and such practices were quickly minimized. This remained the case
> for about a decade without significant issue. Bitcoin is not file storage=
,
> and this was known to developers at that time.  Sadly, eventually an
> exploit called 'inscriptions' happened which blew the cap off of the size
> limitation of arbitrary data storage... and to make matters worse,
> developers refused to patch the exploit or otherwise enforce the decade o=
ld
> limit on arbitrary data size. If that wasn't bad enough, exploiters get a
> 75% discount on transaction fees.
>
> With that history in mind, removing limits on OP_RETURN standardness size
> is pointless. Relaxing OP_RETURN size limits without dealing with the
> inscriptions exploit means no one will use this for anything besides
> attacking the network with the worst possible data. There's little to no
> incentive to use OP_RETURN for data storage when using the 'inscriptions'
> exploit costs 4x less in transactions. What's the point of having a
> "standard" way to store arbitrary data if the exploit method is 4x cheape=
r?
> And the nonstandard version of the exploit allows 4x the data?
>
> Further, the inscriptions exploit currently requires chunking the data
> between PUSH opcodes, meaning an on-disk analysis doesn't actually direct=
ly
> reveal the underlying data the injector intended.  I can still run
> something like "photorec" on my system and not have to sift through
> thousands of 'inscriptions'. Removing the size limit on OP_RETURN breaks
> this happenstance obfuscation that has saved us to-date. After this chang=
e,
> when data is recovered from a full node system, whatever some anonymous
> person decided to stuff into an OP_RETURN will be serialized in plaintext
> directly on disk. For the low price of a few sats per byte, an attacker c=
an
> now directly poison the storage of every full node runner.
>
> If you can't imagine the harm this will do to the ecosystem, let me paint
> some pictures for you:
>
> First, there's the obvious. Everyone running a node will now be guarantee=
d
> to "posses and distribute" content that is likely illegal in their
> jurisdiction. Not only are you storing this as a full node runner, you're
> serving it to others. Hooray. /s
>
> Next, there's less obvious abuses. For example, let's say I want to
> distribute malware. Well, might as well just store it in an OP_RETURN.
> Then, any time I compromise a system with a Bitcoin node I know my malwar=
e
> is directly on their system in a mostly predetermined spot already and I
> don't even need to retrieve it from elsewhere! And, even better, my malwa=
re
> can use the Bitcoin P2P network itself to distribute itself. Just find a
> willing full node, grab the block it's in. Thanks for the boost, node
> runners!
>
> Worse, in order to actually participate in the network, everyone MUST
> download all of this data from others (who must host it for you), process
> it, and generally must host it for others to do the same. The network can=
't
> survive with 100% pruned nodes. I think too many users nowadays don't
> understand that running a full node is the ONLY way to actually participa=
te
> in Bitcoin.
>
> It's bad enough that chunked partly-obfuscated things exist on the system=
s
> of full node runners today. It'll be even worse if that's unrestricted wi=
th
> the removal of such limits.
>
> As I said in my Github comment: This is far more than a small technical
> change. This is a fundamental change to the nature of what the Bitcoin
> network itself is in its entirety. Ten years ago, developers of the
> reference implementation knew this, and acted in the best interest of
> Bitcoin itself. Today, too many developers don't understand this duty.
>
> That may sound like hyperbole, but it really isn't. If this change is
> merged into Bitcoin Core, and Bitcoin Core then continues to be the
> reference implementation... Bitcoin as we know it changes forever in the
> most fundamental way imaginable: The reference implementation explicitly
> turning the Bitcoin network into an arbitrary data storage system, instea=
d
> of evolving it as a decentralized currency.
>
> That's not Bitcoin anymore, and we might as well give up on Bitcoin ever
> being a thing if this is the path chosen.  There are very few paths that
> lead to a worthless Bitcoin, and this is probably in the top 3 worst
> options.
>
> I can't understate this. It's one thing to refuse to act when faced with
> an attack/exploit/etc.  That takes actual courage and conviction to do
> what's right for the ecosystem... and I _almost_ can't fault the current
> batch of devs for not having that courage.  However, it's another to open=
ly
> make sweeping changing to the ecosystem in an effort to make such things
> acceptable.
>
> Have the courage to reject this type of thing for the sake of the overall
> project.
>
> JH
> aka wk057
> aka wizkid057
> On Saturday, April 26, 2025 at 8:50:59=E2=80=AFAM UTC-4 Pieter Wuille wro=
te:
>
>> On Saturday, April 26th, 2025 at 7:45 AM, Luke Dashjr <lu...@dashjr.org>
>> wrote:
>>
>> > That's nonsense. They were and continue to be very effective, even wit=
h
>> > only a small amount of adoption. Further, mining centralization and
>>
>> Standardness rules have definitely been effective in the past, if we go
>> far enough back in time. But back then:
>>
>> * There were far less financial incentives to bypass them. Standardness
>> adds inconvenience to people developing infrastructure on top, which can
>> nudge in another direction. But I don't see how million-dollar (or more)
>> business incentives would be thwarted by the need to communicate with
>> miners directly (see below). These incentives will only increase as the
>> subsidy dwindles.
>>
>> * There was far more reason for rules of this kind; the network was smal=
l
>> and far less valuable, and there were significant concerns about increas=
ed
>> node operation cost with a quickly-growing blockchain. With blocks
>> consistently full for most of the time for years now, even at times with=
out
>> so-called "spam", that concern just does not exist; nodes will be
>> processing the same amount of transaction data anyway. I think I share
>> Luke's feelings around non-financially-relevant transactions on-chain, b=
ut
>> given sufficient demand for block space anyway, there just is no need to
>> discriminate.
>>
>> > pools denying miners options has been the biggest barrier to that
>> > adoption. There is no significant financial impact either, that's just
>> > FUD; miners using the fixed and improved spam filters have in fact
>> > earned significantly more than miners using Core.
>>
>> I am doubtful of this claim, and would like to see evidence of it.
>>
>> > It would be a pain, but it is definitely viable. Thankfully, policy
>> > works just fine for spam filtration, and can be adapted much quicker.
>>
>> Nobody is required to adopt policy, and I think you're burying your head
>> in the sand if you believe even in a world with more decentralized
>> hashpower, miners/hashers would voluntarily choose to disregard
>> transactions that pay a significant fee, if the potential gains from
>> accepting them exceed the cost of building infrastructure to bypass
>> whatever policy exists.
>>
>> Bitcoin users do have a means to deny usage of the chain to truly
>> damaging use: consensus changes. Those are not optional, apply to everyo=
ne
>> equally, do not create incentives for bypass, and - and I believe that i=
s a
>> good thing - can only be adopted with very wide agreement.
>>
>> > > b) centralisation
>> >
>> > No, this is more FUD.
>>
>> The **entire** reason why Bitcoin uses PoW, as opposed to using a
>> traditional consensus system with a federation of block-builders, is to
>> avoid censorship. If anyone dislikes the choices current miners make in
>> what transactions they accept, they can - without asking anyone for
>> permission - join the set of miners, and earn a proportional piece of th=
e
>> pie. While it is the case that today mining power is quite concentrated =
in
>> a number of businesses, the set of such businesses can, and has, changed
>> over time. This is a very valuable property.
>>
>> Part of the puzzle to make that permissionlessness of mining work is
>> access to fee-paying transactions from the public. If sufficient economi=
c
>> demand exist for transactions that the public network denies, miners and
>> creators of such transaction will develop transaction rails that bypass
>> that network.
>>
>> If it comes to a point where that economic demand is so high that miners
>> need to rely on private transaction rails to realistically compete, I fe=
el
>> we'd be giving up on one of the most valuable properties the network has=
. I
>> realize this is a slipstreamery-slope argument, but it is already
>> happening, and once the rails are ubiquitous, it will be very hard to go
>> back to a public network.
>>
>> ---
>>
>> Because of all these reasons, Concept ACK on relaxing the OP_RETURN
>> limits, including removing them entirely. I have been a strong proponent=
 of
>> these limits in the past, and I'm not happy with seeing the demand for
>> those transactions. But I also recognize the reality that that demand
>> exists, and the alternative of pushing that demand to bypass the public
>> network is far more damaging.
>>
>> I will add that I am not in favor of relaxing many other standardness
>> rules in Bitcoin Core, such as transaction sizes and other resource
>> limitations. These have significant impact on the public's ability to
>> verify and relay transactions, and reason about incentive compatibility
>> while doing so. Significant and sustained economic demand for such
>> transactions may at some point too mean the policy needs to be revised t=
o
>> avoid an even worse outcome, but I'm hopeful that is not the case. Howev=
er,
>> these arguments do not apply to OP_RETURN limits, which don't serve an
>> objective harm reduction beyond a subjective "that isn't what you should=
 be
>> using the chain for".
>>
>> --
>> Pieter
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/bitcoindev/f4f6831a-d6b8-4f32-8a4e-c066=
9cc0a7b8n%40googlegroups.com
> <https://groups.google.com/d/msgid/bitcoindev/f4f6831a-d6b8-4f32-8a4e-c06=
69cc0a7b8n%40googlegroups.com?utm_medium=3Demail&utm_source=3Dfooter>
> .
>

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
CALkkCJY5T5sd5Am0M6abhaMMicwVNvSfwYQP1jMjxfVsuT8Jaw%40mail.gmail.com.

--000000000000d5d0080633efb15d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">Hi,<div dir=3D"auto"><br></div><div dir=3D"auto">I have a=
 little demo for you.<div dir=3D"auto"><br></div><div dir=3D"auto">Firstly,=
 I think the kind of illegal content most people have in mind are images. S=
o let&#39;s start with a question: if one takes an illegal picture and sets=
 every 173th pixel to a red dot will it become legal?</div><div dir=3D"auto=
"><br></div><div dir=3D"auto">If you have trouble imagining it, here&#39;s =
an example for you:=C2=A0<a href=3D"https://imgur.com/a/J7RTPL7">https://im=
gur.com/a/J7RTPL7</a></div><div dir=3D"auto"><br></div><div dir=3D"auto">If=
 you believe it would, we can end this conversation and my point is moot.</=
div><div dir=3D"auto">However, I think you&#39;ll agree the image would sti=
ll be illegal.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Next, I t=
hink it&#39;s obvious that an attacker seeking to harm bitcoin users would =
choose an any image format he likes. So for this example I&#39;m picking BM=
P.</div><div dir=3D"auto"><br></div><div dir=3D"auto">If you encode the ima=
ge above to BMP, which is uncompressed, the red pixels turn into bytes 253,=
 7, 2 which happen to encode witness element length 519. The header size is=
 54 bytes, so stick the byte 54 at the front and you have a valid serializa=
tion of a sequence of witness elements.</div><div dir=3D"auto"><br></div><d=
iv dir=3D"auto">Do you see what this means?</div><div dir=3D"auto"><br></di=
v><div dir=3D"auto"><br></div><div dir=3D"auto">...</div><div dir=3D"auto">=
<br></div><div dir=3D"auto"><br></div><div dir=3D"auto">Yes, it&#39;s too l=
ate to fix this. It&#39;s already trivially possible to make your node stor=
e a sequence of bytes that is considered illegal. If you&#39;re worried abo=
ut it you have to resync the chain right now.</div><div dir=3D"auto"><br></=
div><div dir=3D"auto">Disclaimer: the numbers above might be a bit off, I d=
id most computation in my head. Still, the point stands even if the pixels =
have a bit different spacing/color.</div><div dir=3D"auto"><br></div><div d=
ir=3D"auto">Same thing with malware distribution, except you can easily ski=
p the invalid bytes using jump instructions or other techniques, so that mi=
ght be even worse.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Happy=
 syncing!</div><div dir=3D"auto"><br></div><div dir=3D"auto">Martin</div><b=
r><br><div class=3D"gmail_quote gmail_quote_container" dir=3D"auto"><div di=
r=3D"ltr" class=3D"gmail_attr">D=C5=88a ut 29. 4. 2025, 11:15 Jason Hughes =
(wk057) &lt;<a href=3D"mailto:wizkid057@gmail.com">wizkid057@gmail.com</a>&=
gt; nap=C3=ADsal(a):<br></div><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I was asked to=
 take my comments to the mailing list, so here we go.<br><br>First, see my =
comments on Github PR #32359:<br>-=C2=A0<a href=3D"https://github.com/bitco=
in/bitcoin/pull/32359#issuecomment-2835467933" target=3D"_blank" rel=3D"nor=
eferrer">https://github.com/bitcoin/bitcoin/pull/32359#issuecomment-2835467=
933</a><br>-=C2=A0<a href=3D"https://github.com/bitcoin/bitcoin/pull/32359#=
issuecomment-2835638919" target=3D"_blank" rel=3D"noreferrer">https://githu=
b.com/bitcoin/bitcoin/pull/32359#issuecomment-2835638919</a><br>-=C2=A0<a h=
ref=3D"https://github.com/bitcoin/bitcoin/pull/32359#issuecomment-283401275=
6" target=3D"_blank" rel=3D"noreferrer">https://github.com/bitcoin/bitcoin/=
pull/32359#issuecomment-2834012756</a><br><br>Next, I&#39;ll once again poi=
nt out relevant history for those just tuning in:<br><br>OP_RETURN was only=
 made standard in a limited size to encourage less harmful data carrying in=
 Bitcoin. Attackers were using harmful methods of data carrying in unspenda=
ble UTXOs, and so a way to inject a small amount of data was TOLERABLE over=
 this harmful UTXO bloat that.=C2=A0 That mostly worked, and such practices=
 were quickly minimized. This remained the case for about a decade without =
significant issue. Bitcoin is not file storage, and this was known to devel=
opers at that time.=C2=A0 Sadly, eventually an exploit called &#39;inscript=
ions&#39; happened which blew the cap off of the size limitation of arbitra=
ry data storage... and to make matters worse, developers refused to patch t=
he exploit or otherwise enforce the decade old limit on arbitrary data size=
. If that wasn&#39;t bad enough, exploiters get a 75% discount on transacti=
on fees.<div><br></div><div>With that history in mind, removing limits on=
=C2=A0OP_RETURN standardness size is pointless. Relaxing OP_RETURN size lim=
its without dealing with the inscriptions exploit means no one will use thi=
s for anything besides attacking the network with the worst possible data. =
There&#39;s little to no incentive to use OP_RETURN for data storage when u=
sing the &#39;inscriptions&#39; exploit costs 4x less in transactions. What=
&#39;s the point of having a &quot;standard&quot; way to store arbitrary da=
ta if the exploit method is 4x cheaper? And the nonstandard version of the =
exploit allows 4x the data?<br><br>Further, the inscriptions exploit curren=
tly requires chunking the data between PUSH opcodes, meaning an on-disk ana=
lysis doesn&#39;t actually directly reveal the underlying data the injector=
 intended.=C2=A0 I can still run something like &quot;photorec&quot; on my =
system and not have to sift through thousands of &#39;inscriptions&#39;. Re=
moving the size limit on OP_RETURN breaks this happenstance obfuscation tha=
t has saved us to-date. After this change, when data is recovered from a fu=
ll node system, whatever some anonymous person decided to stuff into an OP_=
RETURN will be serialized in plaintext directly on disk. For the low price =
of a few sats per byte, an attacker can now directly poison the storage of =
every full node runner.<div><br></div><div>If you can&#39;t imagine the har=
m this will do to the ecosystem, let me paint some pictures for you:<br><br=
>First, there&#39;s the obvious. Everyone running a node will now be guaran=
teed to &quot;posses and distribute&quot; content that is likely illegal in=
 their jurisdiction. Not only are you storing this as a full node runner, y=
ou&#39;re serving it to others. Hooray. /s</div><div><br></div><div>Next, t=
here&#39;s less obvious abuses. For example, let&#39;s say I want to distri=
bute malware. Well, might as well just store it in an OP_RETURN. Then, any =
time I compromise a system with a Bitcoin node I know my malware is directl=
y on their system in a mostly predetermined spot already and I don&#39;t ev=
en need to retrieve it from elsewhere! And, even better, my malware can use=
 the Bitcoin P2P network itself to distribute itself. Just find a willing f=
ull node, grab the block it&#39;s in. Thanks for the boost, node runners!<b=
r><br>Worse, in order to actually participate in the network, everyone MUST=
 download all of this data from others (who must host it for you), process =
it, and generally must host it for others to do the same. The network can&#=
39;t survive with 100% pruned nodes. I think too many users nowadays don&#3=
9;t understand that running a full node is the ONLY way to actually partici=
pate in Bitcoin.</div><div><br></div><div>It&#39;s bad enough that chunked =
partly-obfuscated things exist on the systems of full node runners today. I=
t&#39;ll be even worse if that&#39;s unrestricted with the removal of such =
limits.</div><div><br></div>As I said in my Github comment:=C2=A0This is fa=
r more than a small technical change.=C2=A0This is a fundamental change to =
the nature of what the Bitcoin network itself is in its entirety. Ten years=
 ago, developers of the reference implementation knew this, and acted in th=
e best interest of Bitcoin itself. Today, too many developers don&#39;t und=
erstand this duty.<br><br>That may sound like hyperbole, but it really isn&=
#39;t. If this change is merged into Bitcoin Core, and Bitcoin Core then co=
ntinues to be the reference implementation... Bitcoin as we know it changes=
 forever in the most fundamental way imaginable: The reference implementati=
on explicitly turning the Bitcoin network into an arbitrary data storage sy=
stem, instead of evolving it as a decentralized currency.<br><br>That&#39;s=
 not Bitcoin anymore, and we might as well give up on Bitcoin ever being a =
thing if this is the path chosen.=C2=A0

There are very few paths that lead to a worthless Bitcoin, and this is prob=
ably in the top 3 worst options.<br><br>I can&#39;t understate this. It&#39=
;s one thing to refuse to act when faced with an attack/exploit/etc.=C2=A0 =
That takes actual courage and conviction to do what&#39;s right for the eco=
system... and I _almost_ can&#39;t fault the current batch of devs for not =
having that courage.=C2=A0 However, it&#39;s another to openly make sweepin=
g changing to the ecosystem in an effort to make such things acceptable.<br=
><br>Have the courage to reject this type of thing for the sake of the over=
all project.</div><div><br></div><div>JH<br>aka wk057<br>aka wizkid057</div=
><div class=3D"gmail_quote"><div dir=3D"auto" class=3D"gmail_attr">On Satur=
day, April 26, 2025 at 8:50:59=E2=80=AFAM UTC-4 Pieter Wuille wrote:<br></d=
iv><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 0.8ex;border-lef=
t:1px solid rgb(204,204,204);padding-left:1ex">On Saturday, April 26th, 202=
5 at 7:45 AM, Luke Dashjr &lt;<a rel=3D"nofollow noreferrer">lu...@dashjr.o=
rg</a>&gt; wrote:
<br>
<br>&gt; That&#39;s nonsense. They were and continue to be very effective, =
even with
<br>&gt; only a small amount of adoption. Further, mining centralization an=
d
<br>
<br>Standardness rules have definitely been effective in the past, if we go=
 far enough back in time. But back then:
<br>
<br>* There were far less financial incentives to bypass them. Standardness=
 adds inconvenience to people developing infrastructure on top, which can n=
udge in another direction. But I don&#39;t see how million-dollar (or more)=
 business incentives would be thwarted by the need to communicate with mine=
rs directly (see below). These incentives will only increase as the subsidy=
 dwindles.
<br>
<br>* There was far more reason for rules of this kind; the network was sma=
ll and far less valuable, and there were significant concerns about increas=
ed node operation cost with a quickly-growing blockchain. With blocks consi=
stently full for most of the time for years now, even at times without so-c=
alled &quot;spam&quot;, that concern just does not exist; nodes will be pro=
cessing the same amount of transaction data anyway. I think I share Luke&#3=
9;s feelings around non-financially-relevant transactions on-chain, but giv=
en sufficient demand for block space anyway, there just is no need to discr=
iminate.
<br>
<br>&gt; pools denying miners options has been the biggest barrier to that
<br>&gt; adoption. There is no significant financial impact either, that&#3=
9;s just
<br>&gt; FUD; miners using the fixed and improved spam filters have in fact
<br>&gt; earned significantly more than miners using Core.
<br>
<br>I am doubtful of this claim, and would like to see evidence of it.
<br>
<br>&gt; It would be a pain, but it is definitely viable. Thankfully, polic=
y
<br>&gt; works just fine for spam filtration, and can be adapted much quick=
er.
<br>
<br>Nobody is required to adopt policy, and I think you&#39;re burying your=
 head in the sand if you believe even in a world with more decentralized ha=
shpower, miners/hashers would voluntarily choose to disregard transactions =
that pay a significant fee, if the potential gains from accepting them exce=
ed the cost of building infrastructure to bypass whatever policy exists.
<br>
<br>Bitcoin users do have a means to deny usage of the chain to truly damag=
ing use: consensus changes. Those are not optional, apply to everyone equal=
ly, do not create incentives for bypass, and - and I believe that is a good=
 thing - can only be adopted with very wide agreement.
<br>
<br>&gt; &gt; b) centralisation
<br>&gt;=20
<br>&gt; No, this is more FUD.
<br>
<br>The **entire** reason why Bitcoin uses PoW, as opposed to using a tradi=
tional consensus system with a federation of block-builders, is to avoid ce=
nsorship. If anyone dislikes the choices current miners make in what transa=
ctions they accept, they can - without asking anyone for permission - join =
the set of miners, and earn a proportional piece of the pie. While it is th=
e case that today mining power is quite concentrated in a number of busines=
ses, the set of such businesses can, and has, changed over time. This is a =
very valuable property.
<br>
<br>Part of the puzzle to make that permissionlessness of mining work is ac=
cess to fee-paying transactions from the public. If sufficient economic dem=
and exist for transactions that the public network denies, miners and creat=
ors of such transaction will develop transaction rails that bypass that net=
work.
<br>
<br>If it comes to a point where that economic demand is so high that miner=
s need to rely on private transaction rails to realistically compete, I fee=
l we&#39;d be giving up on one of the most valuable properties the network =
has. I realize this is a slipstreamery-slope argument, but it is already ha=
ppening, and once the rails are ubiquitous, it will be very hard to go back=
 to a public network.
<br>
<br>---
<br>
<br>Because of all these reasons, Concept ACK on relaxing the OP_RETURN lim=
its, including removing them entirely. I have been a strong proponent of th=
ese limits in the past, and I&#39;m not happy with seeing the demand for th=
ose transactions. But I also recognize the reality that that demand exists,=
 and the alternative of pushing that demand to bypass the public network is=
 far more damaging.
<br>
<br>I will add that I am not in favor of relaxing many other standardness r=
ules in Bitcoin Core, such as transaction sizes and other resource limitati=
ons. These have significant impact on the public&#39;s ability to verify an=
d relay transactions, and reason about incentive compatibility while doing =
so. Significant and sustained economic demand for such transactions may at =
some point too mean the policy needs to be revised to avoid an even worse o=
utcome, but I&#39;m hopeful that is not the case. However, these arguments =
do not apply to OP_RETURN limits, which don&#39;t serve an objective harm r=
eduction beyond a subjective &quot;that isn&#39;t what you should be using =
the chain for&quot;.
<br>
<br>--=20
<br>Pieter
<br>
<br></blockquote></div>

<p></p>

-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com" target=
=3D"_blank" rel=3D"noreferrer">bitcoindev+unsubscribe@googlegroups.com</a>.=
<br>
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/f4f6831a-d6b8-4f32-8a4e-c0669cc0a7b8n%40googlegroups.com?utm_med=
ium=3Demail&amp;utm_source=3Dfooter" target=3D"_blank" rel=3D"noreferrer">h=
ttps://groups.google.com/d/msgid/bitcoindev/f4f6831a-d6b8-4f32-8a4e-c0669cc=
0a7b8n%40googlegroups.com</a>.<br>
</blockquote></div></div></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CALkkCJY5T5sd5Am0M6abhaMMicwVNvSfwYQP1jMjxfVsuT8Jaw%40mail.gmail=
.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/ms=
gid/bitcoindev/CALkkCJY5T5sd5Am0M6abhaMMicwVNvSfwYQP1jMjxfVsuT8Jaw%40mail.g=
mail.com</a>.<br />

--000000000000d5d0080633efb15d--