public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Peter Todd <pete@petertodd•org>
To: Gavin Andresen <gavin@bitcoinfoundation•org>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal: relax the IsStandard rules for P2SH transactions
Date: Tue, 17 Jun 2014 20:15:03 -0400	[thread overview]
Message-ID: <20140618001503.GA8360@savin> (raw)
In-Reply-To: <CABsx9T2+_tLOPELm+K54D=6SNkHg1ZeO_T1jSM=CQZYJKGODFw@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 3082 bytes --]

On Tue, Jun 17, 2014 at 03:40:36PM -0400, Gavin Andresen wrote:
> Assuming there is rough consensus, I'll make this a pull request (see
> https://github.com/gavinandresen/bitcoin-git/tree/relax_isstandard for code
> changes).

I'm also working on a very similar patch with some additional
protections to ensure forwards compatibility during soft-fork upgrades
and provide protections against transaction malleability.

> Now that we are finally starting to see the use of multi-signature and
> other more complicated transaction forms in applications I think it is time
> to open up the "IsStandard" transaction rules on the main Bitcoin network.

Agreed.

> There are two main risks to doing this:
> 
> 1. The risk that one of the seldom-used opcodes has a not-yet-discovered
> chain-forking bug. I believe that risk to be very low; we have never seen
> such a bug on the test network (where all transaction forms are allowed)
> and have never found a bug after writing extensive unit tests.

Agreed.

The script execution code is probably in the 99.9th percentile of open
source code in terms of code review.

> 2. The risk of opening up a denial-of-service attack (either bloat the
> blockchain or use an excessive amount of CPU time) via a very
> expensive-to-store-or-verify transaction. This proposal does not entirely
> eliminate IsStandard checks to mitigate the potential for DoS attacks.

3. The risk that non-upgraded miners produce invalid blocks after a
   soft-fork due to them mining transactions that are now invalid.

4. Transaction malleability.

> Proposal
> --------
> Allow any Script containing 15 or fewer signature operations as a
> pay-to-script-hash (P2SH) Script to be relayed and mined by the reference
> implementation.
> 
> This should be a simple change to the AreInputsStandard() method in the
> reference implementation.

In addition to these changes the soft-fork-safe patch I'm working on
would do the following:

a) Define an opcode whitelist of soft-fork-safe opcodes.

This whitelist includes every opcode but the invalid opcodes, and most
importantly, the OP_NOPx opcodes that may be redefined in a future
soft-fork with new behavior. This rule, along with rejecting transations
with unknown nVersion's, ensures that a miner still running an old
version of Bitcoin Core will only mine transactions that the new version
of Bitcoin Core considers valid.

b) Consider scripts that leave extra items on the stack after execution
   to be non-standard.

As per Pieter Wuille's BIP62 "Dealing with malleability" extra scriptSig
pushes are a malleability source. If adding extra pushes causes a
transaction to be invalid, scriptPubKeys will in most cases be
automatically non-malleable. This change I've already submitted as a
separate pull-req: https://github.com/bitcoin/bitcoin/pull/4311


I'd be happy to add the above to your existing patch and submit the
pull-req for you.

-- 
'peter'[:-1]@petertodd.org
0000000000000000407e409a626b01bfb275cb88768ca74f3ea9bd87b2e7e1d9

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 685 bytes --]

  reply	other threads:[~2014-06-18  0:15 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-17 19:40 Gavin Andresen
2014-06-18  0:15 ` Peter Todd [this message]
2014-06-18 12:52   ` Gavin Andresen
2014-06-19 10:09     ` Peter Todd
2014-06-19 13:54       ` Gavin Andresen
2014-06-20  0:45         ` Peter Todd
2014-09-29  2:35         ` [Bitcoin-development] New opcodes and transaction version numbers (was 'relax the IsStandard rules for P2SH transactions') Peter Todd
2014-09-29  4:30           ` Alan Reiner
2014-09-29  5:35             ` Peter Todd
2014-06-18  7:42 ` [Bitcoin-development] Proposal: relax the IsStandard rules for P2SH transactions Wladimir

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140618001503.GA8360@savin \
    --to=pete@petertodd$(echo .)org \
    --cc=bitcoin-development@lists$(echo .)sourceforge.net \
    --cc=gavin@bitcoinfoundation$(echo .)org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox