Re: [Bitcoin-development] [softfork proposal] Strict DER signatures

[Andrew Poelstra]

I've read this and it looks A-OK to me.

Andrew



On Tue, Jan 20, 2015 at 07:35:49PM -0500, Pieter Wuille wrote:
 Hello everyone,
 
 We've been aware of the risk of depending on OpenSSL for consensus
 rules for a while, and were trying to get rid of this as part of BIP
 62 (malleability protection), which was however postponed due to
 unforeseen complexities. The recent evens (see the thread titled
 OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection.
 on this mailing list) have made it clear that the problem is very
 real, however, and I would prefer to have a fundamental solution for
 it sooner rather than later.
 
 I therefore propose a softfork to make non-DER signatures illegal
 (they've been non-standard since v0.8.0). A draft BIP text can be
 found on:
 
 https://gist.github.com/sipa/5d12c343746dad376c80
 
 The document includes motivation and specification. In addition, an
 implementation (including unit tests derived from the BIP text) can be
 found on:
 
 https://github.com/sipa/bitcoin/commit/bipstrictder
 
 Comments/criticisms are very welcome, but I'd prefer keeping the
 discussion here on the mailinglist (which is more accessible than on
 the gist).
 
 -- 
 Pieter
 
 --
 New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
 GigeNET is offering a free month of service with a new server in Ashburn.
 Choose from 2 high performing configs, both with 100TB of bandwidth.
 Higher redundancy.Lower latency.Increased capacity.Completely compliant.
 http://p.sf.net/sfu/gigenet
 ___
 Bitcoin-development mailing list
 Bitcoin-development@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/bitcoin-development
 

-- 
Andrew Poelstra
Mathematics Department, University of Texas at Austin
Email: apoelstra at wpsoftware.net
Web:   http://www.wpsoftware.net/andrew

If they had taught a class on how to be the kind of citizen Dick Cheney
 worries about, I would have finished high school.   --Edward Snowden



pgpgbq38zIFUD.pgp
Description: PGP signature
--
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Re: [Bitcoin-development] side-chains 2-way pegging (Re: is there a way to do bitcoin-staging?)

[Andrew Poelstra]

On Mon, Nov 03, 2014 at 06:01:46PM +0200, Alex Mizrahi wrote:
 
 Yes, but harder isn't same as unlikely.


We are aware of the distintion between hardness (expected work) and
likelihood of successful attack -- much of Appendix B talks about this,
in the context of producing compact SPV proofs which are (a) hard to
forge, and (b) very unlikely to be forgeries.

We did spend some time formalizing this but due to space constraints
(and it being somewhat beside the point of the whitepaper beyond we
believe it is possible to do), we did not explore this in as great
depth as we'd have liked.
 
 Another problem with this section is that it only mentions reorganizations.
 But a fraudulent transfer can happen without a reorganization, as an
 attacker can produce an SPV proof which is totally fake. So this is not
 similar to double-spending, attacker doesn't need to own coins to perform
 an attack.
 

Well, even in the absense of a reorganization, the attacker's false proof
will just be invalidated by a proof of longer work on the real chain.
And there is still a real cost to producing the false proof.


-- 
Andrew Poelstra
Mathematics Department, University of Texas at Austin
Email: apoelstra at wpsoftware.net
Web:   http://www.wpsoftware.net/andrew



pgpHV90RFPrEv.pgp
Description: PGP signature
--
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development