public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Tim Ruffing <tim.ruffing@mmci•uni-saarland.de>
To: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Taproot: Privacy preserving switchable scripting
Date: Thu, 25 Jan 2018 00:22:05 +0100	[thread overview]
Message-ID: <1516836125.5969.11.camel@mmci.uni-saarland.de> (raw)
In-Reply-To: <CAAt2M19csW3eTW_rrS+8+OuaG18EhqajWgLFotCrcVfSeVmrrQ@mail.gmail.com>

On Wed, 2018-01-24 at 19:51 +0100, Natanael wrote:
> 
> That's not the type of attack I'm imagining. Both versions of your
> scheme are essentially equivalent in terms of this attack. 
> 
> Intended steps: 
> 1: You publish a hash commitment. 
> 2: The hash ends up in the blockchain. 
> 3: You publish the transaction itself, and it matches the hash
> commitment. 
> 4: Because it matches, miners includes it. It's now in the
> blockchain. 

I think you misread my second proposal. The first step is not only to
publish the hash but to publish a *pair* consisting of the hash and the
transaction.

If the attacker changes the transaction on the wire, the user does not
care and will try again.

By the way: As described here, everybody could do this first step and
flood the blockchain with it. We cannot immediately subtract a fee,
because it's not clear that some transaction will take place at all. So
we need to take the fee from somewhere else or do something else to
prevent spam. But that's entirely different issue...


  reply	other threads:[~2018-01-24 23:22 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-23  0:30 Gregory Maxwell
2018-01-23  1:55 ` Chris Belcher
2018-01-23  2:51 ` Matt Corallo
2018-01-23 14:39   ` Mark Friedenbach
2018-01-23 21:23     ` Matt Corallo
2018-01-23 21:38       ` Gregory Maxwell
2018-01-23  6:44 ` Anthony Towns
2018-01-23 13:15   ` Gregory Maxwell
2018-01-23 22:22     ` Anthony Towns
2018-01-23 22:45       ` Gregory Maxwell
2018-01-24  1:52         ` Andrew Poelstra
2018-01-24  9:28           ` Tim Ruffing
2018-01-24 12:51         ` Natanael
2018-01-24 15:38           ` Tim Ruffing
2018-01-24 18:51             ` Natanael
2018-01-24 23:22               ` Tim Ruffing [this message]
2018-01-25  0:09                 ` Natanael
2018-01-26 13:14                   ` [bitcoin-dev] Recovery of old UTXOs in a post-quantum world Tim Ruffing
2018-01-27 17:07   ` [bitcoin-dev] Taproot: Privacy preserving switchable scripting Russell O'Connor
2018-01-27 17:23     ` Matt Corallo
2018-01-23 15:43 ` Greg Sanders
2018-01-26 21:34 ` Gregory Maxwell
2018-07-13  1:51   ` [bitcoin-dev] Generalised taproot Anthony Towns
2018-10-24  2:22     ` Pieter Wuille
2018-02-05  9:27 ` [bitcoin-dev] Taproot: Privacy preserving switchable scripting ZmnSCPxj

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1516836125.5969.11.camel@mmci.uni-saarland.de \
    --to=tim.ruffing@mmci$(echo .)uni-saarland.de \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox