public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: "Eric Lombrozo" <elombrozo@gmail•com>
To: "Jonathan Toomim" <j@toom•im>, "Pieter Wuille" <pieter.wuille@gmail•com>
Cc: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] On the security of softforks
Date: Fri, 18 Dec 2015 03:02:36 +0000	[thread overview]
Message-ID: <em9d607452-50c0-4aa2-941e-7b637a287a70@platinum> (raw)
In-Reply-To: <E76D5BF9-41BF-4AF5-BBAC-06F4EF574EBE@toom.im>

[-- Attachment #1: Type: text/plain, Size: 2738 bytes --]

First of all, that's an expensive beer!

Second of all, any consensus rule change risks non-full-validating or 
non-upgraded nodes seeing invalid confirmations...but assuming a large 
supermajority (i.e. > 95%) of hashing power is behind the new rule, it 
is extremely unlikely that very many invalid confirmations will ever be 
seen by anyone. The number of confirmations you require depends on your 
use case security requirements...and especially during a new rule 
activation, it is probably not a good idea for non-validating nodes or 
non-upgraded nodes to accept coins with low confirmation counts unless 
the risk is accounted for in the use case (i.e. a web hosting provider 
that can shut the user out if fraud is later detected).

Third of all, as long as the rule change activation is signaled in 
blocks, even old nodes will be able to detect that something is fishy 
and warn users to be more cautious (i.e. wait more confirmations or 
immediately upgrade or connect to a different node that has upgraded, 
etc...)

I honestly don't see an issue here - unless you're already violating 
fundamental security assumptions that would make you vulnerable to 
exploitation even without rule changes.

- Eric

------ Original Message ------
From: "Jonathan Toomim via bitcoin-dev" 
<bitcoin-dev@lists•linuxfoundation.org>
To: "Pieter Wuille" <pieter.wuille@gmail•com>
Cc: "Bitcoin Dev" <bitcoin-dev@lists•linuxfoundation.org>
Sent: 12/17/2015 6:47:14 PM
Subject: Re: [bitcoin-dev] On the security of softforks

>
>On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev 
><bitcoin-dev@lists•linuxfoundation.org> wrote:
>
>>1) The risk of an old full node wallet accepting a transaction that is
>>invalid to the new rules.
>>
>>The receiver wallet chooses what address/script to accept coins on.
>>They'll upgrade to the new softfork rules before creating an address
>>that depends on the softfork's features.
>>
>>So, not a problem.
>
>Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob 
>runs the old rules. Bob creates a p2pkh address for Mallory to use. 
>Mallory takes 1 BTC, and creates an invalid SegWit transaction that Bob 
>cannot properly validate and that pays into one of Mallory's wallets. 
>Mallory then immediately spends the unconfirmed transaction into Bob's 
>address. Bob sees what appears to be a valid transaction chain which is 
>not actually valid.
>
>Clueless Carol is one of the 4.9% of miners who forgot to upgrade her 
>mining node. Carol sees that Mallory included an enormous fee in his 
>transactions, so Carol makes sure to include both transactions in her 
>block.
>
>Mallory gets free beer.
>
>Anything I'm missing?

[-- Attachment #2: Type: text/html, Size: 6750 bytes --]

  reply	other threads:[~2015-12-18  3:02 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-18  2:30 Pieter Wuille
2015-12-18  2:47 ` Jonathan Toomim
2015-12-18  3:02   ` Eric Lombrozo [this message]
2015-12-18 12:18     ` Peter Todd
2015-12-19 15:48       ` Bryan Bishop
2015-12-18  3:10   ` jl2012
2015-12-18  5:32     ` Jorge Timón
2015-12-18  6:12   ` Anthony Towns
2015-12-19  1:36   ` Chris
2015-12-19 17:46   ` Andrew
2015-12-20  4:14   ` Rusty Russell
2015-12-20 19:16     ` jl2012

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=em9d607452-50c0-4aa2-941e-7b637a287a70@platinum \
    --to=elombrozo@gmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=j@toom$(echo .)im \
    --cc=pieter.wuille@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox