[Bitcoin-development] To prevent arbitrary data storage in txouts — The Ultimate Solution

Peter Todd pete at petertodd.org
Wed Apr 10 03:03:01 UTC 2013

On Tue, Apr 09, 2013 at 07:53:38PM -0700, Gregory Maxwell wrote:

Note how we can already do this: P2SH uses Hash160, which is
RIPE160(SHA256(d)) We still need a new P2SH *address* type, that
provides the full 256 bits, but no-one uses P2SH addresses yet anyway.

This will restrict data stuffing to brute forcing hash collisions. It'd
be interesting working out the math for how effective that is, but it'll
certainely be expensive in terms of time hashing power that could solve
shares instead.

> (1) Define a new address type, P2SH^2 like P2SH but is instead
> H(H(ScriptPubKey)) instead of H(ScriptPubKey). A P2SH^2 address it is
> a hash of a P2SH address.
> (2) Make a relay rule so that to relay a P2SH^2  you must include
> along the inner P2SH address.  All nodes can trivially verify it by
> hashing it.
> (2a) If we find that miners mine P2SH^2 addresses where the P2SH
> wasn't relayed (e.g. they want the fees) we introduce a block
> discouragement rule where a block is discouraged if you receive it
> without receiving the P2SH^2 pre-images for it.
> With this minor change there is _no_ non-prunable location for users
> to cram data into except values.  (and the inefficiency of cramming
> data into values is a strong deterrent in any case)
> The same thing could also be done for OP_RETURN PUSH value outputs
> used to link transactions to data. Make the data be a hash, outside of
> the txn include the preimage of the hash.
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130409/dafe5a80/attachment.sig>

More information about the bitcoin-dev mailing list