[Bitcoin-ml] What i would like to see in the next HF + timeline

Tom Zander tomz at freedommail.ch
Thu Aug 31 08:40:38 UTC 2017 

On Thursday, 31 August 2017 00:44:41 CEST Amaury Séchet wrote:
> 2017-08-29 16:55 GMT+02:00 Tom Zander via bitcoin-ml 
> > This will fail in the case of these two transactions are included in a
> > block.
> > a) a TX that spends the last output of txid1
> > b) a new TX that also hashes to txid1
> > 
> > I can think of a simple 3-transaction loop that is capable of creating a
> > duplicate transaction-id. (and, yes, this is legal even wrt to bip 30).
> > 
> > This unfortunately kills the optimization you are thinking about.
> 
> I would really like to understand this better.
...
>  This is possible in theory, but if we assume a giant reorg
> of several years won't happen, then I think it is impossible (I'd have to
> double check).

The block height being a mandatory inclusion is a software patch you (=ABC)
inherited from Core, none of the other clients inherited that patch. [1]

As such its a reorg of less than a day.
But I do agree that such a reorg is impractical.

> Am I missing something ?

The situation I was thinking about is a loop where the first txid is used by 
the second. etc. and the 3rd points to the first again.
This naturally, can’t be done without brute-forcing sha256 and that makes it 
academical.
Which is not the same thing as impractical as academical things can turn out 
to be attack vectors. Impractical things are just too expensive to try to 
get a profit.

The result is that you can create money out of thin air, provided you spend 
it in the same block. Yes, you may need to brute-force hashes, but you have 
years to do it. Not saying this is a likely attack, but it a problem that is 
introduced here. I see value in avoiding attack vectors where people can 
create coins out of thin air because I likely can’t oversee all the possible 
attacks that this creates.


In the end, my objection to the relaxing of the block-tx-ordering stands.
First, I don’t see the point. You try to make a protocol rule out of 
something that can be done by software. This has the natural effect of 
forcing everyone in the ecosystem to do the software refactor. This is not 
good design.
Just do the software update on your client. Leave the ordering intact.

I have the impression that you think we need to relax the ordering if we are 
to benefit from the merkle-tree change. I don’t see that connection. We can 
have the merkle-tree change without any changes in transaction ordering.
All that needs to happen is that the merkle-root calculation gets
a) a set of transaction-ids. Which it sorts before making the (sub) tree.
b) the coinbase-txid

How does that sound?


footnote;
1) would be interesting to check how many SPV wallets make the usage of the 
height a mandatory thing in the coinbase comment.
I would not be against removing that requirement as its only there as way to 
fix for BIP 30. It is technical debt. Naturally, the explicit requirement can 
be removed only because the implicit requirement of the txid being unique 
keeps it there.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel

More information about the bitcoin-ml mailing list